Skills
skills/affaan-m/everything-claude-code/security-scan/Gen Agent Trust Hub

security-scan

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the ecc-agentshield package from the NPM registry to perform its analysis. This package is maintained by the skill's author, affaan-m.
  • [COMMAND_EXECUTION]: The skill uses npx to execute scanning, initialization, and repair commands through the ecc-agentshield CLI utility.
  • [PROMPT_INJECTION]: The skill contains an analysis surface for indirect prompt injection as it scans local files like CLAUDE.md and agents/*.md which may contain untrusted content. The tool's primary purpose is to identify and report these risks as vulnerabilities.
  • Ingestion points: Local configuration and markdown files in the .claude/ directory.
  • Boundary markers: None explicitly defined in the skill documentation.
  • Capability inventory: Subprocess execution of the ecc-agentshield CLI tool.
  • Sanitization: The tool performs static analysis on files to detect patterns; execution of the analyzed content is not part of the documented flow.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 05:17 AM