vulnerability-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface
    - Ingestion points: The skill is designed to analyze external files within a user-provided project directory (referenced via <project_path>), exposing the agent to untrusted data from potentially malicious sources.
    - Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from obeying instructions that may be embedded within the project files being scanned (e.g., in code comments, READMEs, or data files).
    - Capability inventory: The skill permits the use of the Read, Glob, Grep, and Bash tools, providing a path for potential exploitation if an injection occurs and the agent is coerced into executing commands or leaking information.
    - Sanitization: The methodology does not specify any sanitization, validation, or filtering of the content of scanned files before it is processed by the agent.
  • [COMMAND_EXECUTION]: Local Script Invocation
    - The skill documentation references an external script, scripts/security_scan.py, and provides a template command (python scripts/security_scan.py <project_path>) for the agent to execute. While this script appears to be a core functional component authored by the skill's vendor, the execution of scripts on user-provided paths is a significant capability.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 07:18 PM