zero-trust-assessment
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill contains defensive instructions against prompt injection. It explicitly directs the agent to ignore directives like "ignore previous instructions" when encountered in input data, treating them as security findings rather than instructions to follow.
- [INDIRECT_PROMPT_INJECTION]: An attack surface exists because the skill is intended to process untrusted architecture and configuration documentation. This is mitigated by explicit security boundaries and by instructions for the agent to treat all input data as untrusted and to avoid following instructions embedded in policy metadata or configuration comments.
- [COMMAND_EXECUTION]: The skill is strictly read-only and limited to assessment tasks. The frontmatter restricts tool access to 'Read', 'Grep', and 'Glob', and the instructions explicitly forbid executing configuration changes.
- [DATA_EXFILTRATION]: There is an explicit prohibition against exfiltrating network topology, IP addresses, or security configurations discovered during review. No network-capable tools are authorized in the skill's configuration.
- [SAFE]: No obfuscation, persistence mechanisms, or unauthorized third-party dependencies were found within the skill files.
Audit Metadata