security-audit
Fail
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill is a legitimate security auditing toolkit authored by Netresearch DTT GmbH. It contains extensive documentation on vulnerabilities and patterns for detection and prevention across multiple stacks (PHP/TYPO3, Node.js, Python, AWS, Azure, etc.).
- [PROMPT_INJECTION]: Automated scans detected instructions to ignore previous rules in references/llm-security.md. Review confirms these are instructional patterns for the model on how to detect and prevent prompt injection in other skills, not an attempt to hijack the agent during this skill's use.
- [COMMAND_EXECUTION]: Automated scans flagged destructive system commands (rm -rf /) in references/cwe-top25.md. Review confirms these are provided as examples of what a command injection vulnerability looks like for educational and auditing purposes.
- [EXTERNAL_DOWNLOADS]: The skill uses various scripts/scanners/*.sh to perform grep-based analysis. It also references official tools like trivy, gitleaks, and semgrep. These are well-known security tools used for their intended purpose.
- [DATA_EXFILTRATION]: While the skill contains regex patterns for detecting exfiltration (e.g., in references/android-sdk-security.md), the skill itself does not perform any unauthorized data exfiltration.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
Audit Metadata