grill-me
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions are purely behavioral and focused on prompt-based interaction with the user. No suspicious patterns, command executions, or data exfiltration attempts were detected.
- [DATA_EXPOSURE]: The skill allows the agent to explore the codebase to answer questions. This is a standard capability for design-review skills and is limited to local filesystem reads within the agent's execution environment.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data by exploring the codebase, which presents an attack surface for indirect prompt injection if the codebase contains untrusted instructions.
- Ingestion points: Local codebase files accessed during the decision-tree resolution process (SKILL.md).
- Boundary markers: None present.
- Capability inventory: Implicit filesystem read access through codebase exploration (SKILL.md).
- Sanitization: None present; the agent relies on its core safety constraints when processing file content.
Audit Metadata