security-best-practices

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill contains no executable scripts and provides strictly instructional content focused on security auditing. It explicitly prohibits the AI from logging or committing secrets and includes defensive measures for identifying vulnerabilities in external code.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted repository content and project documentation, creating a surface for indirect prompt injection. The agent is explicitly instructed to pay attention to and potentially follow instructions in project documentation that may 'override' established security practices.
      1. Ingestion points: The agent is directed to inspect the repository and project documentation (SKILL.md).
      2. Boundary markers: There are no explicit delimiters or warnings provided for the ingested content.
      3. Capability inventory: The agent can write report files (security_best_practices_report.md), suggest code fixes, and perform git commits (SKILL.md).
      4. Sanitization: No sanitization of external content is performed before processing or reporting.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 8, 2026, 12:12 AM