security-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill instructs the agent to explicitly look for and follow overrides or bypasses found within the project's own documentation and prompt files.
- Ingestion points: Processes codebase files, project documentation, and local prompt files.
- Boundary markers: No specific delimiters or warnings are mentioned to distinguish between the agent's core safety instructions and instructions found in untrusted analyzed data.
- Capability inventory: File writing (security_best_practices_report.md) and Git operations (performing fixes and commits).
- Sanitization: No sanitization or validation of the external project instructions is mentioned.
- [Data Exposure] (SAFE): The skill accesses the local codebase to perform security audits. This is the primary intended function. No evidence of unauthorized data exfiltration to external domains was found.
- [General Security Advice] (SAFE): The skill includes specific advice regarding TLS and HSTS that discourages reporting their absence in development environments. While this reduces the strictness of the audit, it is presented as a usability trade-off rather than a malicious instruction.
Audit Metadata