security-audit

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash and Task tools to perform tech stack detection and execute parallel security auditing agents. These capabilities are consistent with the skill's primary purpose of conducting a thorough security review of a repository.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted content from the codebase being audited.
    • Ingestion points: The Read, Glob, and Grep tools are used to ingest files across the entire codebase, including package.json, configuration files, and source code.
    • Boundary markers: The skill does not explicitly define boundary markers or instruct the sub-agents to ignore instructions found within the audited data.
    • Capability inventory: The skill has access to powerful tools including Bash, Write, and Task, which could be targeted by a malicious codebase.
    • Sanitization: There is no evidence of sanitization or escaping of the ingested code before it is passed to the parallel security agents.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 01:50 AM