static-vulnerability-detector
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill's instructions or logic. The skill functions as a static analysis assistant.
- [PROMPT_INJECTION]: The skill processes untrusted source code for analysis, creating a potential surface for indirect prompt injection (Category 8). 1. Ingestion points: Code snippets provided for review in the
SKILL.mdworkflow. 2. Boundary markers: No specific delimiters or 'ignore' instructions are defined for processing input. 3. Capability inventory: Minimal; the skill only generates markdown text and does not require execution or network permissions. 4. Sanitization: None identified. This surface is considered safe given the skill's intended use and restricted output capabilities. - [CREDENTIALS_UNSAFE]: The dummy credentials (e.g., 'admin123', 'sk-1234567890') found in
references/cwe_patterns.mdandreferences/examples.mdare used solely as examples for detection heuristics and do not represent a credential exposure risk.
Audit Metadata