ln-760-security-setup
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill coordinates the execution of various security tools such as gitleaks and trufflehog. It also generates configuration files that define execution paths for ecosystem-specific audit tools like npm audit, pip-audit, and dotnet list package --vulnerable.
- [EXTERNAL_DOWNLOADS]: References and utilizes well-known, trusted security resources and tools. This includes official GitHub Actions from the actions/ organization and reputable pre-commit hooks from the gitleaks and pre-commit repositories.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes untrusted project files and aggregates outputs from external scanning tools to create reports.
- Ingestion points: Reads project configuration files (e.g., package.json, .env) and accepts findings from sub-agents ln-761 and ln-625.
- Boundary markers: Implements context isolation for sub-agent tasks using the Task tool with the general-purpose subagent type.
- Capability inventory: Performs file system reads and writes to generate security artifacts like SECURITY.md and CI workflows.
- Sanitization: Uses predefined templates to structure the generated output, reducing the risk of malicious data influencing the final configurations.
Audit Metadata