karpathy-agentic-guidelines-q8
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill consists exclusively of documentation and operating rules for AI agents in coding and research environments.
- [PROMPT_INJECTION]: No prompt injection or bypass attempts detected. The instructions explicitly reinforce human authority and verification discipline, directing the agent to seek clarification and maintain scoped autonomy.
- [DATA_EXFILTRATION]: No patterns for sensitive data access, hardcoded credentials, or network exfiltration were identified.
- [REMOTE_CODE_EXECUTION]: No remote code execution, package installation, or external script downloading patterns are present in the skill files.
- [COMMAND_EXECUTION]: The skill does not contain any shell commands, dynamic context injections, or instructions to execute arbitrary code outside of standard agent operations.
- [INDIRECT_PROMPT_INJECTION]: The skill addresses potential risks in processing external data by mandating human review of all changes (Rule 3) and anchoring agent loops with failing tests and reproducible cases (Rule 7). These measures serve as safety guardrails for handling potentially untrusted code or requirements.
Audit Metadata