insecure-defaults
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill is a defensive tool intended for auditing applications for insecure configurations and hardcoded secrets. It is an adaptation of reputable open-source security research and no malicious code or unauthorized data access patterns were identified.
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to run standard local auditing commands likegrepandfindto scan for vulnerability patterns in the codebase. - [PROMPT_INJECTION]: The instructions establish a clear persona for security analysis without attempting to bypass safety guardrails or override system instructions. As the skill analyzes untrusted code, it possesses an inherent indirect prompt injection surface.
- Ingestion points: Source code and configuration files are accessed using
Read,Glob, andGreptools. - Boundary markers: The instructions do not define specific delimiters or 'ignore' blocks for the analyzed content.
- Capability inventory: The agent has access to
Bash,Read,Write,Edit,Glob, andGreptools. - Sanitization: No explicit sanitization or filtering of the analyzed content is performed prior to processing.
- [DATA_EXFILTRATION]: No network-capable tools or exfiltration patterns were detected; the skill's operations are restricted to the local environment.
- [EXTERNAL_DOWNLOADS]: The skill does not perform any remote downloads or external resource fetching. All auditing logic is embedded within the provided documentation and scripts.
Audit Metadata