security-audit
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured security auditing process using industry-standard frameworks (OWASP and STRIDE). All operations are transparent and well-documented.
- [COMMAND_EXECUTION]: The skill uses Bash to run local security scanners such as npm audit, pip-audit, and govulncheck. It also uses grep to scan for hardcoded secrets and common vulnerability patterns (e.g., SQL injection, insecure configuration). These actions are appropriate and necessary for the skill's primary function as a security auditor.
- [DATA_EXFILTRATION]: Although the skill accesses sensitive files such as .env and private keys, it does so for the purpose of identifying leaked credentials. All findings are consolidated into local JSON reports within the .workflow/.security/ directory. No network operations were found that would exfiltrate this data to external domains.
- [PROMPT_INJECTION]: The skill includes checks for prompt injection vulnerabilities in the target codebase, but does not contain any instructions aimed at overriding agent behavior or bypassing safety filters itself.
Audit Metadata