security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes utility scripts (`scripts/security-audit.sh` and `scripts/github-security-audit.sh`) that leverage standard system tools like `grep`, `find`, and the official GitHub CLI (`gh`). These scripts are intended for local execution by the user to identify security flaws in their own projects and verify repository configurations.
- [PROMPT_INJECTION]: As a tool designed to analyze external source code and metadata, the skill inherently processes untrusted data. This establishes a surface for indirect prompt injection if the audited files contain instructions targeted at an AI auditor. This is a situational risk inherent to the auditing task rather than a vulnerability in the skill itself.
- [SAFE]: The repository contains extensive examples of vulnerable code patterns (e.g., SQL injection, XXE, insecure deserialization). These snippets are explicitly provided for educational purposes and pattern-matching logic, and do not constitute a threat to the user or the environment.
Audit Metadata