resonance-security
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill's primary function is to audit external, untrusted code which may contain malicious instructions designed to hijack the agent's logic.
  * Ingestion points: The skill analyzes PRs and code files using the read_file tool.
  * Boundary markers: Absent; there are no specific markers or system-level instructions provided to differentiate between audited data and the agent's internal control logic.
  * Capability inventory: The skill possesses run_command, edit_file, and write_file tools.
  * Sanitization: Absent; the provided documentation focuses on sanitizing the audited application but does not define sanitization for the agent's own input processing.
- Command Execution (LOW): The skill is granted access to the run_command tool. While its documented operational sequence uses this tool for legitimate security tasks—such as running npm audit, trufflehog, and trivy—this capability increases the risk associated with a successful indirect prompt injection from malicious code in a pull request.