security-review

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted code snippets, which introduces an indirect prompt injection surface where malicious instructions could be embedded in the audited source code.
    • Ingestion points: Code is read from the local environment using the Read, Grep, Glob, and git diff tools.
    • Boundary markers: The skill does not define specific delimiters to separate the audited code from the analysis instructions.
    • Capability inventory: The skill has access to the Bash tool for command execution and multiple LLM bridges for analysis.
    • Sanitization: No sanitization is performed on the ingested code before it is passed to the LLM for security review.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run industry-standard security audit commands, including composer audit, npm audit, and php artisan route:list. These operations are consistent with the skill's primary purpose and represent safe usage of the available tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 06:53 AM