cursor-compliance-audit
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to run secret scanning utilities such as 'trufflehog' and 'git secrets' against the local filesystem, as specified in 'references/audit-tools.md'.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. Evidence: 1. Ingestion points: Files are read and processed via 'cat', 'find', and 'trufflehog' commands (references/audit-tools.md). 2. Boundary markers: None are specified to distinguish between skill instructions and data from audited files. 3. Capability inventory: The skill has access to 'Bash(cmd:*)', 'Read', 'Write', and 'Edit' tools (SKILL.md). 4. Sanitization: No sanitization, escaping, or validation of the ingested file content is performed. This surface could allow malicious instructions within a codebase to influence the agent behavior.
Audit Metadata