gc-review-security

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were found in the skill definitions. The skill is purely defensive and provides guidance for identifying vulnerabilities like IDOR, SQL injection, and PII leaks.
  • [SAFE]: The skill represents a surface for indirect prompt injection as it ingests untrusted code for analysis.
      1. Ingestion points: User-provided codebase areas via Read, Grep, and Glob tools.
      2. Boundary markers: None explicitly defined.
      3. Capability inventory: Restricted to file system discovery and reading (Read, Grep, Glob); no network access, write permissions, or code execution capabilities.
      4. Sanitization: None performed on analyzed content.
    This surface is considered safe due to the highly restricted toolset that prevents the agent from performing harmful actions even if malicious instructions are encountered in the reviewed code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 06:42 AM