command-injection-anti-pattern
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE] (SAFE): The skill is entirely composed of markdown documentation. It serves as a knowledge base for an AI agent to recognize insecure coding patterns (CWE-78).
- [NO_CODE] (SAFE): There are no executable files or scripts associated with this skill. All code snippets are contained within markdown code blocks intended for reference, not execution.
- [COMMAND_EXECUTION] (SAFE): While the documentation discusses command execution and includes examples of vulnerable functions (e.g., os.system, child_process.exec), these are clearly marked as anti-patterns to be avoided. The skill itself does not invoke these commands.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references reputable security resources (OWASP, CWE, PortSwigger) via URLs in the documentation, which is standard for educational content.