arch-security-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (SAFE): The skill is designed to ingest and analyze external code for security reviews. This creates an ingestion surface for potential indirect prompt injection, but ingesting external code is the fundamental purpose of the skill. No exploitable interpolation patterns or missing boundary markers were identified in the workflow instructions.
- [Data Exposure & Exfiltration] (SAFE): The skill contains commands to search for hardcoded secrets (e.g., grep for 'password' or 'apikey'). These are diagnostic tools used locally to identify existing vulnerabilities in the code being reviewed and do not involve unauthorized data access or external exfiltration.
- [Unverifiable Dependencies] (SAFE): The skill includes instructions to run .NET security audits using 'dotnet list package --vulnerable'. This is a best-practice security operation using official platform tools.