security-hardening
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill contains scripts designed to audit system security which execute commands via subprocesses.
- Evidence in
scripts/security-checker.sh: Executesufw,firewall-cmd, andauditctlto check system hardening status. - Evidence in
scripts/vulnerability-scanner.py: Executespip-auditandnpm auditto scan dependencies for known vulnerabilities. - [EXTERNAL_DOWNLOADS] (LOW): Utility scripts perform outbound network requests to validate security configurations of remote servers.
- Evidence in
scripts/headers-validator.sh: Usescurlto fetch and inspect HTTP headers. - Evidence in
scripts/vulnerability-scanner.py: Usesurllib.requestto check for security headers and TLS configuration. - [DATA_EXPOSURE] (LOW): Audit scripts read local system configuration files to identify potential misconfigurations.
- Evidence in
scripts/security-checker.sh: Accesses/etc/ssh/sshd_config,/etc/passwd, and/etc/shadowto verify permissions and authentication settings. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an attack surface for indirect injection as it processes untrusted local files and external URLs.
- Ingestion points: User-provided file paths and URLs processed by
vulnerability-scanner.py,headers-validator.sh, andconfig-auditor.py. - Boundary markers: Absent; data is processed directly.
- Capability inventory: File system read access and subprocess command execution are available to the skill.
- Sanitization: Absent; the scripts perform regex-based auditing on raw content without prior sanitization.
Audit Metadata