capa-officer

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Comprehensive analysis of the skill's instructions and scripts reveals no malicious patterns. The skill focuses on professional quality management tasks without unauthorized network operations or data exfiltration attempts.- [COMMAND_EXECUTION]: The skill includes instructions for using a local Python tool (scripts/capa_tracker.py) to process CAPA data and generate status reports. This functionality is consistent with the skill's stated purpose and uses local resources provided by the author.- [PROMPT_INJECTION]: No direct prompt injection or safety override attempts were identified. The skill's ingestion of local JSON data (capas.json) represents a standard data processing interface rather than a malicious injection attempt. Evidence chain for indirect surface: (1) Ingestion points: capas.json processed via CLI in SKILL.md; (2) Boundary markers: Absent; (3) Capability inventory: Subprocess execution of scripts/capa_tracker.py in SKILL.md; (4) Sanitization: Not specified in documentation.- [CREDENTIALS_UNSAFE]: No hardcoded API keys, tokens, or sensitive credentials were found in the skill metadata or instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 06:59 AM
Security Audit — agent-trust-hub — capa-officer