security-scan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection because it is designed to ingest and interpret data from untrusted codebases.
  - Ingestion points: The skill identifies project types and parses source code, configuration files (e.g., .security-scan.yaml), and dependency manifests (e.g., package.json, requirements.txt) as described in the Scan Execution Protocol in SKILL.md.
  - Boundary markers: The instructions do not specify any boundary markers (such as XML tags or unique delimiters) to separate the analyzed code from the agent's instructions, nor do they include warnings for the agent to ignore embedded commands.
  - Capability inventory: The skill uses file reading for analysis, file writing via the /security-scan --fix command for remediation, and potential execution of external tools like npm audit.
  - Sanitization: No content sanitization or validation of the external data is mentioned in the provided documentation.
- [COMMAND_EXECUTION] (LOW): The skill directs the agent to execute external security auditing tools as part of the scan process.
  - Evidence: The documentation in references/owasp/a04-a10-additional.md explicitly lists commands for the agent to run, such as npm audit, pip-audit, safety check, and bundler-audit check. Given that the primary purpose is security analysis, this is a standard but noteworthy capability.
Audit Metadata