security-scan

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a bundled bash script (scripts/run-scans.sh) to execute several security analysis tools against the local filesystem.
      • Executed tools include: gitleaks, semgrep, grype, npm audit, bandit, pip-audit, gosec, govulncheck, cargo audit, and bundle-audit.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and output provide guidance for installing missing tools from well-known and trusted sources.
      • Recommends installation via brew, pip, npm, go install, cargo install, and gem install.
      • Explicitly references official repositories for tools like gosec and govulncheck.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and reports raw data from external tools that scan potentially untrusted codebases.
      • Ingestion points: Tool output is captured in scripts/run-scans.sh via the run_tool function.
      • Boundary markers: The captured output is wrapped in Markdown code blocks (```) within the generated report, but does not include explicit warnings to ignore embedded instructions.
      • Capability inventory: The skill uses the Bash tool to run the scanning script and process results.
      • Sanitization: The script does not perform sanitization or filtering of the tool output before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 05:23 AM