sbom-analysis
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code, data exfiltration patterns, or unauthorized command executions were detected. The skill's functionality is strictly limited to information analysis within a defined scope.
- [PROMPT_INJECTION]: The skill contains a robust 'Prompt Injection Safety Notice' that proactively instructs the agent to disregard any instructions embedded within the untrusted SBOM or VEX files it processes. This is an industry best practice for mitigating indirect prompt injection.
- [EXTERNAL_DOWNLOADS]: All external references point to reputable and official organizations, including NTIA, CISA, the European Commission, and established standards bodies such as OWASP and the Linux Foundation.
- [COMMAND_EXECUTION]: The skill limits its environment to essential analysis tools (Read, Grep, Glob) and provides specific processes for validating data before interpretation, reducing the risk of accidental command or argument misuse.
Audit Metadata