Skills
skills/bagelhole/devops-security-agent-skills/security-automation/Gen Agent Trust Hub

security-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill defines several Indirect Prompt Injection surfaces where untrusted data influences high-privilege actions.
  • Ingestion points: The remediate_public_s3 function ingests bucket_name, and the SOAR playbook ingests data from external alert objects.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the templates.
  • Capability inventory: The skill utilizes boto3 for S3 bucket configuration changes, Cloudflare API for IP blocking, and IAM-like actions for disabling users.
  • Sanitization: There is no evidence of input validation or sanitization for the data processed from alerts or resource names.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The provided GitHub Action templates reference external actions from non-whitelisted repositories: trufflesecurity/trufflehog@main, returntocorp/semgrep-action@v1, and aquasecurity/trivy-action@master.
  • [COMMAND_EXECUTION] (LOW): The documentation includes templates for executing shell commands such as npm audit and checkov, which are standard security tools but represent local command execution capabilities.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:33 PM