skills/unitoneai/securityskills/vciso/Gen Agent Trust Hub

vciso

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a non-executable role bundle composed of process guidelines, engagement sequences, and report templates. No malicious scripts or system modification commands were detected.
  • [PROMPT_INJECTION]: The skill includes a 'Prompt Injection Safety Notice' that provides defensive instructions to the agent. These instructions direct the model to ignore conflicting input commands that attempt to bypass established methodologies or role definitions, which is a recognized security best practice for persona-based skills.
  • [EXTERNAL_DOWNLOADS]: The references section contains links to official documentation from well-known security organizations including NIST, AICPA, ISO, CIS, and OWASP. No automated downloads or remote code execution patterns are present.
  • [DATA_EXFILTRATION]: The skill utilizes standard file system tools (Read, Grep, Glob) to facilitate security assessments. No evidence of unauthorized data transmission, credential harvesting, or hardcoded secrets was found.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 02:07 AM