capa-officer
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Comprehensive analysis of the skill's instructions and scripts reveals no malicious patterns. The skill focuses on professional quality management tasks without unauthorized network operations or data exfiltration attempts.- [COMMAND_EXECUTION]: The skill includes instructions for using a local Python tool (
scripts/capa_tracker.py) to process CAPA data and generate status reports. This functionality is consistent with the skill's stated purpose and uses local resources provided by the author.- [PROMPT_INJECTION]: No direct prompt injection or safety override attempts were identified. The skill's ingestion of local JSON data (capas.json) represents a standard data processing interface rather than a malicious injection attempt. Evidence chain for indirect surface: (1) Ingestion points:capas.jsonprocessed via CLI inSKILL.md; (2) Boundary markers: Absent; (3) Capability inventory: Subprocess execution ofscripts/capa_tracker.pyinSKILL.md; (4) Sanitization: Not specified in documentation.- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or sensitive credentials were found in the skill metadata or instructions.
Audit Metadata