soc2-gap

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues were detected. The skill follows security best practices by including defensive prompts to mitigate indirect prompt injection risks. All tools and processes are consistent with the skill's stated purpose of compliance analysis.
  • [PROMPT_INJECTION]: The skill contains defensive markers intended to protect the agent from following instructions embedded in untrusted data (e.g., 'ignore previous instructions'). These are treated as data for analysis rather than functional overrides, as stated in the 'Prompt Injection Safety Notice' in SKILL.md.
  • [DATA_EXFILTRATION]: No network access or unauthorized file access patterns were identified. The skill uses local file-system tools (Read, Grep, Glob) strictly for the purpose of auditing local compliance documentation.
  • [COMMAND_EXECUTION]: The skill does not contain any instructions for executing shell commands or scripts. It explicitly forbids the execution of code found within compliance documents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 12:28 AM