Skills
skills/sisodiabhumca/agent-skills/incident-postmortem-builder/Gen Agent Trust Hub

incident-postmortem-builder

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration attempts were detected. The skill follows its stated purpose and operates within a local environment.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection by processing external timeline data from CSV files and interpolating it into Markdown reports.
  • Ingestion points: The --timeline CSV file read by the build.py script during runtime.
  • Boundary markers: Absent; the script does not implement delimiters to distinguish untrusted CSV content from the report template.
  • Capability inventory: File system read (timeline data) and file system write (generated report output) via build.py.
  • Sanitization: No sanitization or escaping is applied to fields like event, actor, or source before they are embedded into the output Markdown table.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 04:11 PM
Security Audit — agent-trust-hub — incident-postmortem-builder