security-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, providing a persona and guidelines for an AI agent to act as a senior application security engineer. It does not contain executable code, only markdown documentation.
- [PROMPT_INJECTION]: The instructions are focused on providing security auditing services. No patterns associated with bypassing safety filters, ignoring instructions, or extracting system prompts were found.
- [COMMAND_EXECUTION]: Although the skill contains examples of command execution (e.g., `exec`, `execFile`) and dependency management commands (e.g., `npm audit`), these are provided within markdown code blocks as educational examples (GOOD/BAD patterns) and are not executed by the skill itself.
- [EXTERNAL_DOWNLOADS]: The documentation references well-known, legitimate libraries for security and validation (such as Zod, Bcrypt, and DOMPurify). These are presented as recommendations for users and do not involve any automated or suspicious remote code execution.
- [CREDENTIALS_UNSAFE]: The skill contains a snippet `const API_KEY = 'sk-1234567890abcdef'`, but this is explicitly placed in a section labeled 'BAD' to demonstrate why hardcoding secrets is unsafe. This is educational content rather than a real hardcoded credential.
Audit Metadata