pasta-vulns
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to analyze untrusted source code and configuration files.
- Ingestion points: Source code and configuration files targeted by the --scope flag in Step 1.
- Boundary markers: The instructions do not define specific delimiters or ignore instructions to prevent the agent from being influenced by malicious content within analyzed files.
- Capability inventory: The skill executes system-level security scanners and reads file content.
- Sanitization: No explicit sanitization or filtering of the ingested file content is mentioned prior to analysis.
- [COMMAND_EXECUTION]: The skill invokes several external security tools via the system shell.
- Evidence: Steps 2 and 3 of the workflow involve checking for and running scanners such as semgrep, bandit, gosec, brakeman, npm audit, trivy, and gitleaks. These are well-known, industry-standard security tools used for their intended purpose.
Audit Metadata