security
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to perform security audits and remediation. It utilizes
grepto scan the local codebase for sensitive patterns (secrets, dangerous APIs, unvalidated inputs) andpnpmto manage dependencies. These actions are performed locally and align with the skill's stated purpose. - [EXTERNAL_DOWNLOADS]: The skill recommends the installation of standard, well-known security libraries like
dompurifyandzodvia the package manager. These packages are widely recognized as safe and are used here to improve application security. - [PROMPT_INJECTION]: As the skill is designed to read and process local source code, it possesses an inherent indirect prompt injection surface. A malicious codebase could potentially contain comments designed to influence the agent's behavior. However, the skill provides a clear, step-by-step procedural framework that limits the likelihood of the agent deviating from its security audit tasks.
Audit Metadata