skills/jeremylongshore/claude-code-plugins-plus-skills/finding-security-misconfigurations/Gen Agent Trust Hub
finding-security-misconfigurations
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill identifies and processes untrusted external data (IaC templates, application configs) which creates a vulnerability surface for indirect prompt injection.
- Ingestion points: Reads infrastructure-as-code templates (.tf, .yaml, .json), application configuration files (.yml, .json, .env), and container definitions from the local filesystem.
- Boundary markers: Absent; there are no instructions provided to distinguish between data and potential malicious commands within the scanned files.
- Capability inventory: The skill utilizes Read, Write, Edit, Grep, and Bash tools to execute its logic.
- Sanitization: No sanitization or validation mechanisms are described for the content extracted from the analyzed files.
- [EXTERNAL_DOWNLOADS]: The skill references and recommends the use of reputable industry-standard security tools (such as tfsec, checkov, and trivy) and documentation from trusted organizations like OWASP, CIS, and MITRE.