pentest-supply-chain
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and analyze untrusted third-party configuration files, manifests, and CI/CD workflow definitions. This creates an inherent surface for indirect prompt injection where malicious data in a target repository could attempt to influence the agent's behavior.
  - Ingestion points: Target files such as package.json, requirements.txt, and GitHub Actions workflow YAMLs.
  - Boundary markers: The prompt does not define explicit delimiters to isolate external data from command instructions.
  - Capability inventory: The skill utilizes various security scanners (snyk_test, trivy_scan, semgrep_supply_chain) to process filesystem data.
  - Sanitization: Relies on the logic of the external tools and the agent's internal safety filters. Given this is the primary purpose of the skill, the severity is downgraded to SAFE.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references standard, reputable security industry tools (Snyk, Trivy, Grype, Syft, Semgrep). It provides function signatures for these tools but does not contain untrusted download/execution strings or piped shell commands.
Audit Metadata