cve-vulnerability-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted text from the NVD and GitHub APIs.
- Ingestion points: fetch_cve_details.py (NVD API) and check_github_issues.py (GitHub API).
- Boundary markers: None identified in the report templates or scripts.
- Capability inventory: Subprocess execution of provided Python scripts, network requests via the requests library, and local file writing for generated reports.
- Sanitization: No specific sanitization or filtering of external content before interpolation into reports is visible in the provided scripts.
- [COMMAND_EXECUTION]: The skill executes local Python scripts (fetch_cve_details.py, check_github_issues.py, analyze_version_compatibility.py, generate_report.py) to automate the analysis workflow as described in the SKILL.md documentation.
- [EXTERNAL_DOWNLOADS]: The skill fetches vulnerability data from the National Vulnerability Database (NVD) and searches GitHub Issues using official APIs. These are recognized well-known services and the references are documented neutrally.
Audit Metadata