workflow-security-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [No Code] (SAFE): The skill consists entirely of markdown instructions (SKILL.md) without any associated scripts or executable components.
- [Metadata] (SAFE): The name and description accurately reflect its contents as a workflow guide for security audits.
- [External Downloads] (SAFE): Mentions of security tools like npm audit or bandit are descriptive and do not include commands for automated downloads or execution of remote scripts.
- [Indirect Prompt Injection] (SAFE): The workflow outlines processing untrusted code for review (File: SKILL.md). 1. Ingestion points: Phase 3 code review. 2. Boundary markers: Absent. 3. Capability inventory: None defined in skill. 4. Sanitization: Absent.
- [Prompt Injection] (SAFE): No instructions designed to override agent behavior or bypass safety guidelines were detected.
Audit Metadata