security-scanner

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It is designed to ingest and analyze untrusted external source code, but lacks boundary markers or explicit instructions to treat scanned content as data rather than instructions. An attacker can embed malicious prompts in code comments or strings to manipulate the agent's behavior.
  • [COMMAND_EXECUTION] (HIGH): The skill is explicitly granted access to the bash and git tools. When combined with the high-risk ingestion of untrusted code, this creates a critical capability tier where an injected prompt can trigger arbitrary command execution on the host environment.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill's purpose involves auditing dependencies and git repositories. While no malicious URLs are hardcoded, the inherent nature of checking remote packages involves network-exposed operations that should be monitored.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:39 PM