security
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The skill defines a structured workflow for performing security audits. Its instructions are consistent with its stated purpose of assisting in vulnerability assessments and threat modeling.
- Indirect Prompt Injection (SAFE): The skill contains a mechanism to read project-specific learnings from a local file (
.specweave/skill-memories/security.md). While this is a data ingestion point, it is a standard pattern for persistent agent memory. - Ingestion points:
.specweave/skill-memories/security.md(read viacatcommand). - Boundary markers: Absent; the content of the memory file is treated as direct context.
- Capability inventory:
Bash,Read,Greptools are available to the agent. - Sanitization: Absent; the skill relies on the integrity of the local filesystem and the
.specweavedirectory. - Command Execution (SAFE): The skill utilizes
Bashto check for local memory files. The command is hardcoded and limited to reading a specific file path within the project structure, posing no risk of arbitrary execution or privilege escalation.
Audit Metadata