vc-curated-match

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill is a self-contained utility that processes a local JSON dataset (data/vc_funds.json) using standard Python libraries. No network activity, data exfiltration, or remote code execution was detected.
  • [COMMAND_EXECUTION]: The skill relies on local script execution via python scripts/run.py to perform its primary function of matching and report generation.
  • [PROMPT_INJECTION]: The skill processes untrusted user input (product descriptions and URLs), which is interpolated into a generated report. This constitutes a surface for indirect prompt injection.
    • Ingestion points: The scripts/run.py script ingests user-provided text via the --description and --url command-line arguments.
    • Boundary markers: The script does not use boundary delimiters to isolate user-provided content from the report instructions within the output file.
    • Capability inventory: The skill can create directories and write files to the local filesystem using the os and open modules in scripts/run.py.
    • Sanitization: The scripts/generate_report.py script performs basic sanitization by escaping markdown brackets ([ and ]) in the product description to prevent formatting issues.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 12:37 AM