security-reviewer

Warn

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for the use of powerful command-line utilities via the Bash tool, including network reconnaissance (nmap, dig, subfinder), vulnerability exploitation frameworks (sqlmap), and cloud provider interfaces (aws, gcloud, az).
  • [EXTERNAL_DOWNLOADS]: The reference documentation includes commands to install numerous security analysis tools from public registries like npm, PyPI, and GitHub. These include standard industry utilities such as Semgrep, Bandit, and Trivy, which are fetched from well-known sources during the setup of the security environment.
  • [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted source code and infrastructure logs, creating a surface for indirect prompt injection (Category 8).
      • Ingestion points: The agent processes external codebase data and tool outputs using the Read, Grep, and Glob tools.
      • Boundary markers: The instructions do not define explicit delimiters or security markers to help the agent distinguish between its own instructions and the data it is analyzing.
      • Capability inventory: The agent has full access to the host system's Bash environment and potential access to cloud infrastructure credentials, which could be targeted by instructions hidden in scanned files.
      • Sanitization: The skill lacks logic for sanitizing or filtering input data before it is presented to the language model for review.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 7, 2026, 07:56 PM