secure-code-guardian

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW
Full Analysis
  • SAFE (LOW): The skill is designed with a defensive posture, specifically instructing the agent to assume all input is malicious and to enforce secure coding standards (e.g., OWASP Top 10 prevention, bcrypt/argon2 hashing, parameterized queries).
  • Prompt Injection (LOW): No evidence of malicious overrides or bypass attempts. The instructions are focused on hardening the agent's behavior against external threats.
  • Data Exposure & Exfiltration (SAFE): The skill does not perform network operations, access sensitive local system paths, or contain hardcoded credentials.
  • Indirect Prompt Injection (INFO): The skill is designed to process user-provided code for security reviews. While it lacks explicit boundary markers for this data, its capabilities are restricted to generating text/code output, presenting a negligible risk profile.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 17, 2026, 08:06 AM