logging
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a robust workflow for auditing security logging and monitoring failures, following OWASP A09:2021 guidelines. It correctly identifies security-critical code paths such as authentication modules and error handlers for inspection.
- [PROMPT_INJECTION]: The skill processes untrusted source code as its primary input, which creates a surface for indirect prompt injection. This is a known risk for code analysis tools, mitigated by the agent's internal safety guardrails.
  - Ingestion points: Workflow steps 1 and 4 read third-party code files from the user's repository.
  - Boundary markers: No specific delimiters are used to wrap the untrusted code before analysis.
  - Capability inventory: The skill uses security scanners (Semgrep, Bandit) and manual logic analysis to identify vulnerabilities.
  - Sanitization: Input code is not sanitized or filtered prior to analysis.