integrity
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate security analysis tool that maps to industry-standard frameworks such as OWASP, CWE, and STRIDE. It provides structured remediation guidance and focuses on identifying vulnerabilities in user-provided codebases.
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection because it processes untrusted source code and configuration files.
- Ingestion points: The skill reads file contents from the project directory, including CI/CD workflows and dependency manifests (SKILL.md).
- Boundary markers: There are no explicit instructions or delimiters used to isolate analyzed code from the agent's instructions.
- Capability inventory: The skill can execute local security scanners like semgrep, trivy, and bandit via subprocess calls (SKILL.md).
- Sanitization: No sanitization or escaping is performed on the input code before it is analyzed by the LLM.
- Context: This risk is inherent to all security auditor skills and is considered safe given the intended purpose and structured workflow.
Audit Metadata