security-best-practices
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill serves as a security review tool, providing guidance based on established industry standards from trusted sources such as OWASP, MDN, and official framework documentation. All external URL references target well-known, trusted domains and organizations.
- [NO_CODE]: The skill is comprised solely of markdown files and YAML configuration. It contains no executable code (.py, .js, .sh), which significantly reduces its own attack surface.
- [PROMPT_INJECTION]: The skill instructions define a surface for indirect prompt injection, which is necessary for its intended purpose of auditing external code.
  - Ingestion points: The agent ingests untrusted source code and repository metadata to perform security reviews as defined in the workflow (SKILL.md).
  - Boundary markers: The skill does not explicitly instruct the agent to use delimiters (like XML tags or triple backticks with specific labels) to isolate untrusted code from instructions.
  - Capability inventory: The skill has the capability to write a security report to the local file security_best_practices_report.md (SKILL.md).
  - Sanitization: There are no specific instructions regarding the sanitization or escaping of untrusted code content before it is included in the reasoning process or the final report.
Audit Metadata