arch-security-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Safe] (SAFE): Educational Vulnerability Guidance. The skill contains instructional C# code snippets demonstrating common vulnerabilities (e.g., SQL injection, insecure deserialization) alongside their secure counterparts. These are clearly labeled and intended for training/auditing.
  • [Safe] (SAFE): Local Security Scanning. Bash commands for secret discovery and dependency checks utilize standard utilities like 'grep' and the 'dotnet' CLI to analyze local project files.
  • [Prompt Injection] (SAFE): Indirect Prompt Injection Surface. The skill ingests untrusted code for review (Ingestion points: Read, Grep, Glob) and possesses high capabilities (Bash, Task, Write, Edit). While this constitutes an attack surface, the rating is dropped from LOW to SAFE because this access is essential to the primary purpose of a security audit skill. Evidence Chain: 1. Ingestion: File read tools. 2. Boundary markers: Absent. 3. Capabilities: Full filesystem and shell access. 4. Sanitization: Absent.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:50 PM