trivy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill recommends installing the Trivy binary via Homebrew (`brew install trivy`) and references an external GitHub Action (`aquasecurity/trivy-action`). While these are standard practices for developers, they involve downloading content from sources not included in the predefined trusted list. The severity is lowered because this is essential to the skill's primary purpose of security scanning.
- PROMPT_INJECTION (LOW): The skill exhibits a vulnerability surface for Indirect Prompt Injection (Category 8) by instructing the agent to ingest and analyze external data.
  - Ingestion points: The agent is prompted to analyze `report.json` files generated by the Trivy scanner.
  - Boundary markers: The prompt template provided for Claude does not include specific delimiters or instructions to ignore embedded instructions within the report data.
  - Capability inventory: The skill allows the use of powerful tools including `Bash`, `Write`, and `Edit`, which could be abused if an attacker can influence the agent's logic through a poisoned vulnerability report.
  - Sanitization: There is no evidence of sanitization or validation of the JSON report content before processing.
Audit Metadata