Skills
skills/diego-tobalina/vibe-coding/security-check/Gen Agent Trust Hub

security-check

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard diagnostic commands such as grep and git to search for security vulnerabilities within a codebase. This functionality is essential to the skill's primary purpose.
  • [EXTERNAL_DOWNLOADS]: The skill recommends the use of industry-standard security tools including detect-secrets and dependency-check. These utilities are referenced from well-known package registries (NPM and Maven Central) and are appropriate for the intended security audit tasks.
  • [PROMPT_INJECTION]: The skill's function involves analyzing untrusted source code, which creates a surface for indirect prompt injection attacks.
  • Ingestion points: Source code content is accessed via Read, Grep, and Glob tools.
  • Boundary markers: There are no explicit delimiters defined in the instructions to separate audited data from agent instructions.
  • Capability inventory: The skill has access to the Bash tool for running commands and the Read tool for file access.
  • Sanitization: The skill utilizes specific search patterns (e.g., grep) which naturally limit the risk of accidental execution of embedded instructions, relying on the agent's internal safety filters during the audit process.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 02:27 AM