security-auditor
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill's core function is to analyze untrusted external data (source code in the workspace), creating a high-risk surface for indirect injection attacks.
  - Ingestion points: The execution protocol in `SKILL.md` instructs the agent to run scanners on the `.` (current) directory.
  - Boundary markers: There are no specified delimiters or instructions to ignore embedded natural-language commands within the code being scanned.
  - Capability inventory: The skill utilizes `node` and `python` subprocess execution, which could be abused if the agent is misled by instructions found in the audited code.
  - Sanitization: No sanitization or escaping mechanisms are described to prevent the agent from obeying "instructions" found inside comments or strings of the code being audited.
- [Command Execution] (MEDIUM): The skill explicitly instructs the agent to run scripts from the filesystem using the command line.
  - Evidence: `node .agent/skills/security-auditor/scripts/security_scan.js .` and `python .agent/skills/security-auditor/scripts/security_scan.py .` in `SKILL.md`.
  - Risk: These scripts are part of the skill's local files but were not provided for analysis, so the agent would execute local code whose contents have not been reviewed.
Audit Metadata