security-review
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a defensive tool intended for security auditing. While it contains numerous examples of malicious code patterns (such as SQL injection, hardcoded secrets, and insecure deserialization), these are provided as educational reference material for identifying vulnerabilities in external codebases.
- [COMMAND_EXECUTION]: The skill utilizes powerful tools including 'Bash', 'Grep', and 'Task'. These are intended for searching and reading files within the local codebase to build confidence in security findings, which is consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user-provided code and diffs. However, the instructions provide a functional safeguard by requiring systematic research and 'HIGH CONFIDENCE' verification before reporting any finding.
Audit Metadata