skill-evaluator

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Full Analysis
  • COMMAND_EXECUTION (SAFE): The scripts security_scan.js, security_scan.py, and security_scan.sh contain strings matching high-risk command execution patterns. These are used strictly as search criteria to identify vulnerabilities in target code and are not called as executable code within the scripts' operational logic.
  • PROMPT_INJECTION (SAFE): The references/security-scan-llm.md file contains several examples of prompt injection techniques. These are clearly contextualized as reference material for teaching an LLM to identify such attacks and do not attempt to manipulate the host agent's system prompt.
  • DATA_EXFILTRATION (SAFE): Although regex signatures for detecting external data transmission are present, the tool's scripts contain no network-capable code. Findings are only emitted to standard output, and no sensitive data is transmitted off-host.
  • EXTERNAL_DOWNLOADS (SAFE): The skill does not reference or download any external packages or scripts. It relies on standard libraries and system utilities already present in the user environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 07:49 AM