security-owasp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill analyzes user-provided code for security vulnerabilities. This creates an attack surface where malicious instructions could be embedded in the code being reviewed. However, the skill is explicitly instructed to treat all input as malicious and focuses on pattern matching rather than direct execution of the input, mitigating the risk.
- [COMMAND_EXECUTION] (SAFE): While the skill contains references to dangerous commands like `exec` and `spawn`, these are part of detection patterns used to warn users about vulnerabilities in their own code, not instructions for the agent to execute them.
- [CREDENTIALS_UNSAFE] (SAFE): The skill includes regex patterns for detecting hardcoded secrets (e.g., `api_key`, `sk_live_`). These are diagnostic patterns for security auditing and do not contain actual sensitive credentials or exfiltration logic.
Audit Metadata