skills/jeremylongshore/claude-code-plugins-plus-skills/scanning-for-vulnerabilities/Gen Agent Trust Hub
scanning-for-vulnerabilities
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: Detailed review of the skill code and instructions found no malicious patterns, hardcoded credentials, or unauthorized network activity.
- [PROMPT_INJECTION]: The skill's design for processing external codebases creates a surface for indirect prompt injection.
- Ingestion points:
scripts/scan.shrecursively reads files from the input directory provided at runtime. - Boundary markers: There are no boundary markers or instructions to the agent to ignore potentially malicious embedded content within the files being scanned.
- Capability inventory: The skill has access to
Bash(cmd:*),Read,Write, andEdittools. - Sanitization: The processing script does not implement sanitization or validation of file contents before they are potentially processed by the agent.
Audit Metadata