Security Scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of markdown documentation and YAML metadata. No executable scripts (.py, .js, .sh), binaries, or automation logic are provided in the submitted files.
- [Indirect Prompt Injection] (LOW): The skill has a high-risk data ingestion surface based on its primary function as a security scanner.
  - Ingestion points: Processes external code repositories and infrastructure environments through triggers like 'Scan code [repo]' and 'Security audit [environment]'.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the scanned data are defined.
  - Capability inventory: Claims to perform SAST, dependency checks, secrets detection, and network scans (though the logic is not implemented in this skill file).
  - Sanitization: No evidence of input sanitization or validation logic for the content being scanned.
Audit Metadata