Security Review Skill
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of instructional markdown and metadata. It provides guidelines for security reviews, including OWASP and STRIDE checklists, without implementing any functional code that could be exploited.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data for analysis.
  - Ingestion points: files matching security, auth, or credential patterns in SKILL.md.
  - Boundary markers: none defined in instructions.
  - Capability inventory: no subprocess calls, exec/eval functions, file-write, or network operations are defined in the skill files.
  - Sanitization: no explicit sanitization of external content is defined.

  The absence of actionable capabilities maintains a safe posture.