gc-review-iam
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses system commands like
find,grep, andcatto inspect local project files. This is standard behavior for a code analysis tool and does not involve unauthorized data access or exfiltration. - [SAFE]: Diagnostic patterns are used to identify hardcoded secrets, unauthorized identity providers, and insecure cookie settings in the audited codebase. This is a core feature of the skill's security auditing function.
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk: The skill processes untrusted data from local files which may contain malicious instructions.
- Ingestion points: Files detected by
findand read viacatorgrep(e.g.,package.json, source code,.envfiles). - Boundary markers: Absent. The skill does not wrap file content in delimiters or include instructions to ignore embedded prompts.
- Capability inventory: File system enumeration (
ls,find) and file reading (cat,grep). - Sanitization: Absent. Files are read and analyzed in their raw form.
Audit Metadata