raven-investigate
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard system discovery commands such as
ls,find, andgrepto map codebase architecture and identify technical stacks. It also invokes specialized security audit utilities includingnpm audit,pip audit,govulncheck, andcargo audit. These operations are strictly aligned with the skill's primary function of security assessment. - [EXTERNAL_DOWNLOADS]: The audit tools utilized by the skill (e.g.,
npm audit,pip audit) typically interact with official and trusted package registries to retrieve vulnerability data. These network requests are directed at well-known services and are necessary for the skill's auditing tasks. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and processes arbitrary content from untrusted external codebases.
- Ingestion points: The skill reads a wide variety of files, including source code, README files, and configuration manifests, to identify security risks.
- Boundary markers: Although the sub-agent prompts define a specific "security auditor" persona, the skill does not use explicit boundary markers or "ignore embedded instructions" warnings when interpolating untrusted file content into agent prompts.
- Capability inventory: The skill possesses capabilities for command execution and the generation of parallel sub-tasks through a
Tasktool. - Sanitization: There is no specific sanitization logic described for the data ingested from the codebases before it is passed to the sub-agents for analysis.
Audit Metadata