sarif-tools
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill installs the 'sarif-tools' package from PyPI. The source repository is located under the 'microsoft' GitHub organization, which is a verified trusted source.
- PROMPT_INJECTION (LOW): This skill has an indirect prompt injection surface because it processes SARIF files from external scanners which may contain attacker-controlled strings. 1. Ingestion points: 'sarif summary [file]', 'loader.loader()'. 2. Boundary markers: Absent. 3. Capability inventory: CLI execution, programmatic SARIF loading, and file export (CSV/HTML/Word). 4. Sanitization: Not specified.
Audit Metadata