security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell tools including Bash and Grep to scan the filesystem for sensitive patterns, hardcoded credentials, and insecure code configurations.
- [EXTERNAL_DOWNLOADS]: The instructions recommend using industry-standard auditing utilities such as npm audit and pip audit, which interact with official package registries to identify known vulnerabilities in dependencies.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because its primary function involves reading and analyzing untrusted codebases.
  - Ingestion points: External files are ingested via the Read, Grep, and Glob tools during an audit.
  - Boundary markers: No specific delimiters or safety instructions are provided to the agent to treat audited code as untrusted data or to ignore embedded instructions.
  - Capability inventory: The skill operates with file system access and local command execution capabilities.
  - Sanitization: Content from the audited codebase is processed without explicit sanitization or filtering.
- [SAFE]: The skill is a legitimate security utility intended for defensive analysis, and its operational methods are standard for its stated purpose.