security-auditor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The script `scripts/detect-secrets.sh` is vulnerable to shell command injection via the target directory path.
  - Evidence: The script uses `eval` to execute a `find` command where the `$TARGET_DIR` variable is interpolated without sanitization or escaping: `eval "find '$TARGET_DIR' -type f ..."`. A maliciously crafted directory name (e.g., `'; touch /tmp/pwned; #'`) provided as the target would cause the `eval` call to execute arbitrary shell commands.
  - File: `scripts/detect-secrets.sh`
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted data with powerful capabilities.
  - Ingestion points: Source code and configuration files within the `$TARGET_DIR` scanned by the `full-audit.sh` and `detect-secrets.sh` scripts.
  - Boundary markers: Absent. The scripts do not utilize delimiters or explicit instructions to prevent the agent from interpreting malicious instructions found within the scanned codebase.
  - Capability inventory: The skill possesses shell execution capabilities (via `Bash` for `npm audit`, `pip-audit`, `find`, and `grep`) and performs extensive directory traversal and file reading.
  - Sanitization: Absent. Input variables like `$TARGET_DIR` and the contents of scanned files are processed without validation or sanitization.
  - Files: `scripts/full-audit.sh`, `scripts/detect-secrets.sh`
- Metadata Poisoning (MEDIUM): The skill documentation is misleading regarding its functional completeness.
  - Description: `SKILL.md` and `full-audit.sh` reference `scripts/owasp-check.py` and `scripts/generate-report.py` as core components for OWASP compliance auditing and report generation. These files are not present in the package, meaning the skill cannot perform its primary advertised security functions.
Recommendations
- AI detected serious security threats
Audit Metadata