file-upload

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is dedicated to security auditing, specifically focusing on file upload vulnerabilities such as CWE-434 and CWE-22. It provides accurate guidance for identifying and fixing these issues.
  • [COMMAND_EXECUTION]: The skill uses subprocesses to run standard security tools like semgrep, bandit, and brakeman on local source code for auditing purposes. These are well-known security utilities and their use here is legitimate for the stated purpose.
  • [SAFE]: No evidence of prompt injection, data exfiltration, obfuscation, or persistence mechanisms was found in the skill metadata or body.
  • [SAFE]: The ingestion of untrusted source code represents an indirect prompt injection surface, but the risk is mitigated as the skill uses these inputs solely for security scanning and does not exhibit exploitable behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 06:44 PM