security-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Finding categories: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill serves as a procedural guide for security code reviews, providing educational templates and examples for identifying common vulnerabilities like those in the OWASP Top 10. The code snippets provided are clearly distinguished as either vulnerable or secure for instructional purposes.
  • [SAFE]: External references point to trusted organizations such as OWASP and CWE. Recommended tools like Bandit and pip-audit are standard, reputable security scanners.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it is designed to analyze untrusted code snippets provided by users.
      • Ingestion points: Source code and configuration files provided to the agent for security review as part of the workflow described in SKILL.md.
      • Boundary markers: None specified; the skill lacks instructions for the agent to use delimiters to isolate user-provided code from the analysis instructions.
      • Capability inventory: The skill workflow suggests executing automated security tools (e.g., bandit, pip-audit) via a shell context, which could be influenced by malicious content in the code under review.
      • Sanitization: No input validation, filtering, or sanitization steps are defined for the code being ingested.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 02:08 PM