pipeline-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious patterns were detected. The skill's functionality is limited to local file analysis and generating a summary report.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from the draft files.
- Ingestion points: Reads
output/DRAFT.mdandoutline/outline.ymlto perform quality checks (scripts/run.py). - Boundary markers: No specific delimiters or "ignore" instructions are used around the processed data.
- Capability inventory: The skill is restricted to file system read/write operations and does not possess network or shell execution capabilities.
- Sanitization: The script uses regex to identify quality issues and does not interpret or execute the content of the draft as instructions.
- [DYNAMIC_EXECUTION]: The script uses computed paths to manage internal module imports.
- Evidence: The script dynamically modifies
sys.pathby calculating the repository root relative to its own file path (scripts/run.py). - Context: This is a standard pattern for accessing vendor-provided utility functions in the
toolingpackage and does not involve untrusted code.
Audit Metadata