fortify-fod
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the packaging of local source code into ZIP archives using fcli_fod_action_package for subsequent security analysis.
- [COMMAND_EXECUTION]: The skill manages the lifecycle of remote security scans (SAST, SCA, DAST) by configuring and triggering execution on the Fortify on Demand platform.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the Fortify on Demand platform, including vulnerability categories, locations, and audit comments. This data is used to formulate remediation advice, which could theoretically be influenced by malicious content stored within the security platform's records (Indirect Prompt Injection). However, the skill provides clear guidance on identifying trusted AI-generated suggestions from 'Fortify Aviator' and uses structured parameters for data updates.
Audit Metadata