security-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its core functionality of reading and processing untrusted file content from the local codebase.\n
- Ingestion points: The
scanProjectfunction insrc/lib.tsrecursively reads the contents of files with common extensions (.js, .ts, .json, .yaml, .yml, .md, .env) in the target directory.\n - Boundary markers: There are no boundary markers or instructions to the agent to distinguish between file content and its own instructions.\n
- Capability inventory: The skill is restricted to reading local files and returning regex matches; it does not have the ability to execute system commands, evaluate code, or access the network.\n
- Sanitization: File content is read and processed via regular expressions without any prior filtering or sanitization.\n- [SAFE]: The skill performs local static analysis only and does not execute or evaluate the files it scans.\n- [SAFE]: No network operations, external downloads, or unauthorized data exfiltration patterns were detected in the source code.\n- [SAFE]: The code uses standard Node.js APIs and local workspace dependencies, with no evidence of obfuscation or malicious persistence mechanisms.
Audit Metadata