security-auditing

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to analyze untrusted source code without providing boundary markers or instructions that isolate the analyzed content from the agent's control flow.
      ◦ Ingestion points: User-provided source code files targeted for audit (e.g., TypeScript files).
      ◦ Boundary markers: Absent; the instructions do not specify delimiters that separate the auditor's logic from the code being audited.
      ◦ Capability inventory: Uses shell commands (grep, npm audit) to process and analyze the local environment and source files.
      ◦ Sanitization: No validation or sanitization of the audited code is suggested before the agent processes it.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to execute shell commands to identify security risks.
      ◦ Evidence: Suggested use of grep to scan for hardcoded credentials and npm audit to check for known vulnerabilities in dependencies.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 08:50 PM