review-security

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs security audits by running standard, well-known ecosystem tools including npm audit, pip-audit, safety check, bundle audit, and govulncheck.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted data from the codebase being audited.
  • Ingestion points: Processes file content retrieved via git diff --cached --name-only or through globbing the source directory.
  • Boundary markers: The instructions do not specify the use of delimiters or explicit 'ignore instructions' warnings when reading file contents into the agent context.
  • Capability inventory: The skill is capable of executing shell commands for dependency audits and spawning sub-agents for parallel task execution.
  • Sanitization: No explicit sanitization, validation, or escaping of the audited code content is described in the workflow.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 07:21 AM