security-testing-patterns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns detected. The skill provides educational content and configuration examples for standard security tools and CI/CD pipelines. All code snippets are intended for local or CI/CD usage by the developer and do not contain hidden exfiltration logic.
- Indirect Prompt Injection (SAFE): The skill provides patterns for processing external tool outputs and code. While this presents an attack surface for indirect prompt injection, no exploitable vulnerability or missing sanitization was found in the provided templates.
- Ingestion points: Processes source code for SAST and tool outputs for DAST/SCA.
- Boundary markers: Encourages use of structured reports (JSON/SARIF) which are less prone to injection than raw text.
- Capability inventory: Primarily informational; involves standard CLI tool execution for security scanning.
- Sanitization: Recommends standard sanitization in code snippets (e.g., using
fast-checkfor property-based testing).
Audit Metadata