trace
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill is designed for UX research and adheres to safe data-handling practices.
- [DATA_EXFILTRATION]: The skill contains extensive instructions to prevent data exposure, including mandatory PII masking, client-side redaction, and strict adherence to privacy laws like GDPR and CCPA. It explicitly forbids the transmission of unredacted session payloads.
- [PROMPT_INJECTION]: No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as
curl | bashor dynamicevalcalls, are present in the skill or its references. - [INDIRECT_PROMPT_INJECTION]: While the skill ingests external data (session logs and event streams), it lacks exploitable capabilities like arbitrary command execution or network-writing tools that would make it vulnerable to indirect injection. It also mandates boundary markers and PII sanitization.
Audit Metadata