skill-comply
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill functions as an evaluation framework that ingests and analyzes other instruction artifacts, such as SKILL.md files and rules. This creates an attack surface for indirect prompt injection where malicious instructions within the target files could attempt to influence the evaluating agent's behavior.
- Ingestion points: The skill accepts paths to local SKILL.md files, rule definitions, and execution trace logs for analysis (SKILL.md).
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing external artifacts.
- Capability inventory: The skill is capable of reading local files, writing report files, and executing local agent commands or tests.
- Sanitization: There is no evidence of sanitization or validation logic for the content within the ingested instruction artifacts.
- [SAFE]: The skill follows standard documentation practices for defining a testing workflow and does not contain hardcoded credentials, obfuscation, or unauthorized network communications. All external references, such as the author URL, are transparent and consistent with the vendor identity.
Audit Metadata