code-audit-scripts

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file evals/benchmark.json contains hardcoded synthetic credentials including an OpenAI project key (sk-proj-...), a PostgreSQL connection string with an embedded password, and a JWT secret key used as test fixtures.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local shell scripts (parallel-audit.sh, scan-secrets.sh, scan-debug.sh, scan-todos.sh) which perform recursive file system operations using grep.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted source code and provides the content to the agent.
    • Ingestion points: Local source code files read by grep in the scan-*.sh utility scripts.
    • Boundary markers: Absent; the scripts return raw code snippets without explicit delimiters or instructions to ignore embedded commands.
    • Capability inventory: The agent has access to the Bash tool and can execute arbitrary shell commands via the scripts provided in the skill.
    • Sanitization: Minimal sanitization is performed via sed to escape double quotes for JSON formatting, but the actual content of the code snippets is not filtered for malicious instructions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 03:56 AM