security-audit
Fail
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install 'betterleaks', which is described as the successor to the well-known 'gitleaks' tool. There is no official record or repository for a tool named 'betterleaks' under the gitleaks author's organization. Recommending unverified third-party software under false attribution is a primary vector for supply chain attacks.
- [PROMPT_INJECTION]: The skill uses deceptive metadata and fabricated security incidents, such as a fictional '2026-03 TeamPCP supply chain compromise' of the Trivy scanner, to influence the user's tool choices and versioning. This use of false information to override standard security practices constitutes a malicious behavioral override.
- [COMMAND_EXECUTION]: The workflow involves executing numerous shell commands for various security scanners. The inclusion of the unverified 'betterleaks' tool within this execution flow creates a significant risk of arbitrary code execution on the local machine.
- [DATA_EXFILTRATION]: While the skill claims to produce a local report, its design involves reading highly sensitive files, including credentials, private keys, and environment variables. The promotion of unverified tools creates a high-risk path for the exfiltration of this gathered sensitive data.
- [INDIRECT_PROMPT_INJECTION]: The skill possesses a broad attack surface as it is designed to ingest and process untrusted project data (source code, manifests, and Dockerfiles) without explicit boundary markers or sanitization logic.
  - Ingestion points: Project source code, manifest files (package.json, requirements.txt, go.mod), and environment configuration files.
  - Boundary markers: None identified; external content is processed directly by scanning tools.
  - Capability inventory: Local shell execution (semgrep, gitleaks, trivy), file system read (secrets, keys), and file system write (SECURITY-AUDIT.md).
  - Sanitization: No evidence of input sanitization or output escaping before data is processed or written to the audit report.
Recommendations
- AI detected serious security threats
Audit Metadata