Skills
skills/housegarofalo/claude-code-base/security-scanner/Gen Agent Trust Hub

security-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes an installation script for Trivy from the official GitHub repository of Aqua Security, a well-known security vendor.
  • [REMOTE_CODE_EXECUTION]: Recommends deploying a Kubernetes job for kube-bench using a manifest hosted on the official Aqua Security GitHub repository.
  • [EXTERNAL_DOWNLOADS]: Instructions include installing various security utilities such as Snyk, Semgrep, Bandit, Checkov, and Nuclei using standard package managers (npm, pip, go) from their respective official repositories.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and process untrusted data from external git repositories and local filesystems.
  • Ingestion points: trivy repo, trivy fs, snyk test, semgrep, bandit, and checkov commands.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded prompts in scanned files are provided.
  • Capability inventory: The skill facilitates the execution of various security scanning binaries via subprocess shell commands.
  • Sanitization: No explicit sanitization or input validation logic is described for the external repository URLs or file paths processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 11:09 AM