security-scan-dependencies

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a defensive mechanism by instructing the agent to ignore all command-line arguments. It requires the agent to use the AskUserQuestion tool for input gathering, effectively mitigating direct prompt injection attempts via arguments. However, the skill processes untrusted data from external websites, creating a surface for indirect prompt injection.
      • Ingestion points: Website HTML content, script files, and HTTP response headers fetched from user-provided URLs.
      • Boundary markers: Absent; the instructions do not specify the use of delimiters to separate untrusted data from agent instructions during parsing.
      • Capability inventory: Access to Bash (via curl), Write (for report generation), and specialized subagents.
      • Sanitization: No explicit sanitization or escaping of the fetched content is required before parsing or reporting.
  • [EXTERNAL_DOWNLOADS]: The skill correctly uses WebFetch and curl to retrieve remote website data. These downloads are directed by the user and are necessary for the skill's primary function of analyzing external security postures.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute curl commands. This is limited to fetching headers and content from the target URL and does not involve executing arbitrary scripts or system-level modifications.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 12:52 PM