static-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run security utilities including CodeQL, Semgrep, and jq. These operations are documented for environment assessment, database creation, and vulnerability scanning, which are the primary functions of the skill.
- [EXTERNAL_DOWNLOADS]: Documentation in SKILL.md references official GitHub Actions and the SARIF specification hosted by OASIS. These are well-known, trusted sources used for integration guidance and do not represent a remote code execution risk within the skill's local logic.
- [PROMPT_INJECTION]: The skill defines a specialized persona and a set of 'Iron Laws' to guide the agent's behavior during security reviews. It also presents a surface for indirect prompt injection by ingesting untrusted source code and tool outputs for analysis. Evidence Chain: 1. Ingestion points: Local project files and SARIF results (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Bash, Read, Write, Edit, Glob, Grep. 4. Sanitization: Absent. These factors are considered part of the expected operation for an analysis skill and are assessed as low risk.
Audit Metadata