code-audit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted source code from the project being audited, which creates an indirect prompt injection surface. This is a characteristic of security analysis tools where malicious content in analyzed files could attempt to influence agent behavior. Ingestion points include reading configuration and source files in SKILL.md (Steps 1, 3, and 4) via cat and grep. Boundary markers and sanitization are absent, as the agent is instructed to read raw source code for logic review. The capability inventory is limited to filesystem inspection and writing a report to the designated output directory.
- [COMMAND_EXECUTION]: The skill utilizes standard utility commands including ls, cat, find, and grep to perform its primary function of project structure discovery and pattern-based vulnerability scanning. These operations are scoped to the project root and are necessary for static code analysis.
- [DATA_EXFILTRATION]: The skill identifies and accesses sensitive files such as .env, .pem, and .key to check for potential credential leakage within the audited project. This behavior is essential to its purpose as a security auditor. No mechanisms for network transmission or external data exfiltration were detected; findings are compiled into a Markdown report saved to a local output path.
Audit Metadata