compliance-review
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and phases are consistent with the stated purpose of technical compliance auditing and follow industry standards.
- [PROMPT_INJECTION]: The skill demonstrates a surface for indirect prompt injection as it is designed to ingest and process data from external target URLs. Ingestion points: Target URLs and browser console logs are processed in Phase 3. Boundary markers: None identified; untrusted web content is processed without explicit delimiters. Capability inventory: The skill uses browser interaction tools and local file writing for reports. Sanitization: No sanitization of external web content is specified.
- [DATA_EXFILTRATION]: All data processing is contained within the specified scope, and reports are written to vendor-controlled local directories (
shiplight/), posing no exfiltration risk. - [COMMAND_EXECUTION]: While the skill generates YAML-based regression tests for continuous compliance, these are data-driven configurations and do not involve arbitrary shell command execution.
Audit Metadata