vulnerability-resolver
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system commands to manage the vulnerability lifecycle, including
ghfor triggering and monitoring GitHub Actions workflows,dotnetfor package management and script execution, andgitfor committing security fixes and suppressions. - [EXTERNAL_DOWNLOADS]: The skill downloads security reports from GitHub Actions as artifacts. These downloads are performed from the project's own repository infrastructure using the GitHub CLI.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external data from OWASP Dependency-Check reports. * Ingestion points: Security report artifacts downloaded via
gh run download(described in SKILL.md). * Boundary markers: No delimiters or instructions to ignore embedded content are used when the agent parses vulnerability descriptions. * Capability inventory: The agent can trigger GitHub workflows, modify package configuration files, and commit changes to the repository. * Sanitization: There is no evidence of sanitization or validation of the CVE description content before it is processed by the agent.
Audit Metadata