serverless
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed as a security auditing tool and does not contain any malicious logic, obfuscation, or unauthorized data access patterns.
- [COMMAND_EXECUTION]: The skill utilizes local command-line tools including semgrep, checkov, and tfsec. These are standard security scanners used as intended within the context of the skill's primary purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user code for analysis.
  - Ingestion points: The skill reads source code from function handlers, infrastructure-as-code templates (YAML/HCL), and IAM policy files.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are specified when processing target files.
  - Capability inventory: The skill executes subprocess commands for external scanners and performs logic-based code analysis through the agent.
  - Sanitization: No sanitization or filtering of the analyzed file content is documented before it is ingested into the agent context.
Audit Metadata