aif-security-checklist
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local bash script `scripts/audit.sh` which uses `grep` and `npm audit` to scan for hardcoded secrets, environment variables tracked in Git, and vulnerable dependencies.
- [DATA_EXPOSURE]: The audit script searches for common sensitive patterns such as `password`, `api_key`, and `token` within the local project code to notify the developer of potential exposures.
- [PROMPT_INJECTION]: The skill includes comprehensive reference material (`PROMPT-INJECTION.md`) to help the agent and developer identify and mitigate both direct and indirect prompt injection vulnerabilities in their applications.
- [EXTERNAL_DOWNLOADS]: The skill uses `npm audit` to check for dependency vulnerabilities, which is a standard security practice and communicates with official package registries.
Audit Metadata