secure-flow
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of well-known security scanners like gitleaks and trivy to audit code for secrets and vulnerabilities. These operations are essential to the skill's security-centric functionality.
- [EXTERNAL_DOWNLOADS]: Fetches the Known Exploited Vulnerabilities (KEV) catalog from the official Cybersecurity and Infrastructure Security Agency (CISA) website (cisa.gov). This is a trusted government source for security intelligence.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from security scan reports and vulnerability feeds.
  - Ingestion points: Security scan JSON outputs and CISA KEV JSON feed are processed in rules/secure-flow-fix-exploitable-vulns.md and rules/secure-flow-security-remediation.md.
  - Boundary markers: No specific delimiters are used to isolate untrusted data from instructions.
  - Capability inventory: The skill has the ability to execute CLI commands (trivy, gitleaks) and modify project files to apply security patches.
  - Sanitization: No explicit sanitization of the JSON data content is mentioned.
  - Note: While these factors create an injection surface, it is inherent to the skill's primary purpose and the data sources are trusted security feeds.
Audit Metadata