usage-insights
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill's behavior matches its stated purpose of generating local code for usage statistics.
- [DATA_EXFILTRATION]: The skill emphasizes on-device storage and processing. It includes explicit guidance in the Gotchas section advising the agent to never transmit usage data to external servers.
- [PROMPT_INJECTION]: Indirect prompt injection surface analysis: (1) Ingestion points: User configuration gathered via AskUserQuestion in SKILL.md; (2) Boundary markers: Absent; (3) Capability inventory: File-system access and modification tools (Write, Edit, Bash) are enabled; (4) Sanitization: Input is limited to specific functional choices (e.g., period, style), resulting in a negligible risk profile.
- [EXTERNAL_DOWNLOADS]: No remote resources, unpinned dependencies, or external scripts are fetched or executed. All code templates are provided locally within the skill package.
Audit Metadata