security-checklist
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Command Execution (SAFE): The skill executes a local script (security-scan.sh) that uses standard command-line utilities like grep to perform static analysis on source code. No dangerous commands or privilege escalation attempts were detected.
- Data Exposure & Exfiltration (SAFE): While the script reads local files to identify potential security issues, it lacks any network capabilities (e.g., curl, wget, or fetch) to send that data to an external server.
- Remote Code Execution (SAFE): No remote scripts are downloaded or executed. The skill provides suggestions for using established tools like Maven for vulnerability checks but does not perform automated external installations.
- Indirect Prompt Injection (SAFE): The skill ingests untrusted code from the filesystem during its scan process.
  1. Ingestion points: The security-scan.sh script reads files in the specified SCAN_TARGET directory.
  2. Boundary markers: None are present in the script's grep output.
  3. Capability inventory: The script is limited to read operations and printing results to the console.
  4. Sanitization: No sanitization is performed on the content of scanned files. However, given the limited capabilities, the risk of the agent being manipulated through the scan output is negligible.
Audit Metadata