security-review
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [SAFE]: Automated scanner flags for `eval_with_user_input`, `reverse_shell_pattern`, and `obfuscated_exec_chain` in files like `SKILL.md`, `references/supply-chain.md`, and `languages/python.md` are confirmed false positives. These snippets are presented as code blocks within markdown documentation to serve as reference patterns for the agent to identify during security audits. They are not invoked or executed by the skill itself.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` and `Task` tools as allowed in the YAML frontmatter. These tools are used for legitimate discovery and auditing purposes, such as searching the filesystem with `Grep` and `Glob` to trace data flow in the user's codebase.
- [PROMPT_INJECTION]: The skill's primary function is to audit user-provided code, which constitutes an indirect prompt injection surface (Category 8). The skill proactively addresses this risk in `references/modern-threats.md`, where it provides specific instructions for identifying and validating prompt injection attempts. The core instructions emphasize research and confidence-based reporting to ensure the agent is not misled by content in the files it analyzes.
- [DATA_EXFILTRATION]: While the skill contains references to data exfiltration and credential theft (e.g., in `references/data-protection.md` and `references/api-security.md`), these are documented as vulnerabilities to find in other applications. The skill does not perform any unauthorized network requests or sensitive file access on its own.
- [NO_CODE]: The skill contains no executable scripts, binaries, or source code for runtime execution. It is composed entirely of declarative instructions and reference material meant to guide the agent's analysis behavior.
Audit Metadata