owasp-security-review

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [SAFE]: The skill is strictly documentation-based, consisting only of Markdown files. It contains no executable logic, scripts, or configuration files.
  • [SAFE]: Security risks mentioned in the reference files, such as hardcoded credentials or malicious commands, are provided as descriptive examples for the agent to use during audits and do not pose a threat to the environment.
  • [PROMPT_INJECTION]: The skill provides a framework for analyzing untrusted external code, which represents an indirect prompt injection surface. However, the complete lack of any execution capabilities (such as file system access, network requests, or shell execution) ensures this surface is non-exploitable.
      1. Ingestion points: User-provided code or architectural descriptions for review.
      2. Boundary markers: No explicit delimiters or boundary instructions are defined for the untrusted content.
      3. Capability inventory: None; the skill does not include any scripts or tool definitions.
      4. Sanitization: None provided, as the skill relies on the underlying agent's reasoning capabilities.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 10:57 PM