race-conditions
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified in the skill. It operates as a passive auditor, analyzing target source code using predefined patterns and tools.
- [COMMAND_EXECUTION]: The skill executes standard, well-known security auditing tools including semgrep, go vet, and bandit. These commands are used for their intended purpose of static analysis on a target directory and do not involve arbitrary or untrusted command execution.
- [PROMPT_INJECTION]: The skill's instructions are focused on its primary auditing task and do not contain any attempts to bypass AI safety filters or override system-level instructions.
- [DATA_EXPOSURE]: There is no evidence of the skill accessing or exfiltrating sensitive local data, environment variables, or credentials. It correctly focuses on scanning target application logic rather than the agent's environment.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests external source code for analysis, which is an intended functionality. It mitigates risks by relying on structured tool output (e.g., JSON from semgrep) and specific manual checklists. (Ingestion: target source code; Boundaries: structured output schemas; Capabilities: semgrep, go vet, bandit; Sanitization: findings normalization).
Audit Metadata