security-audit-context-building

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash utilities including find, cat, and grep to perform local tech stack discovery and locate files potentially containing sensitive information (e.g., .env, .yaml, .json). These commands are restricted to the local filesystem and serve the stated purpose of security auditing.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the local codebase (e.g., package manifest files and git logs), creating a surface for indirect prompt injection.
    • Ingestion points: Reads content from package.json, .env filenames, and repository history via git log.
    • Boundary markers: No explicit delimiters are used to separate file content from agent instructions.
    • Capability inventory: Uses Bash tools (find, cat, grep, git) for context building.
    • Sanitization: No validation or sanitization of file content is performed prior to processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 03:52 PM