ctf-source-audit
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of educational documentation and does not contain any malicious instructions, obfuscation, or exfiltration logic.
- [SAFE]: Analysis of Dangerous Functions: The identification of functions such as system(), eval(), and pickle.loads() is strictly for educational auditing purposes in a CTF context and does not involve the execution of these functions by the skill itself.
- [SAFE]: Indirect Prompt Injection Surface: The skill is intended to guide the agent in analyzing user-provided source code.
  1. Ingestion points: User-provided source code snippets (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Identification of code sinks and data flow.
  4. Sanitization: Absent.
- [SAFE]: The skill mentions well-known security tools such as flask-unsign and identifies common vulnerability patterns like prototype pollution and SSTI solely as reference material for identifying flaws in target source code.