vulnerability-assessor
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill retrieves vulnerability metadata from nvd.nist.gov, which is a well-known and trusted government resource. This activity is consistent with the skill's primary purpose of vulnerability assessment.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute diagnostic commands such as 'pip show' and 'pip index' to assess the status and versions of installed Python packages.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection. 1. Ingestion points: It processes untrusted data from security scan results and source code files using the Read and Grep tools. 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present. 3. Capability inventory: The skill has access to Bash, Read, Grep, and Glob tools. 4. Sanitization: There is no evidence of input validation or sanitization before the data is analyzed, allowing potentially malicious instructions in the assessed files to influence agent behavior.
Audit Metadata