security-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill references local documentation paths (e.g.,
docs/security-report-client.md) for storing audit results. It does not attempt to access sensitive system files or environment variables. - [Remote Code Execution] (SAFE): No remote script downloads or piped execution patterns were identified. The methodology focuses on manual code review and documentation.
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze external codebases, which constitutes an attack surface for indirect prompt injection. However, the structured methodology (checklists, dual documentation requirements, and mandatory clarifying questions) provides a framework that mitigates accidental obedience to embedded instructions in the analyzed data.
- [Command Execution] (SAFE): The skill uses instructional language for ticket creation and documentation. It does not contain shell commands or subprocess spawning for system modification.
Audit Metadata