sec-audit-remediate
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed with a mandatory 'HARD STOP' Human Review Gate between the analysis phase and the generation phase, preventing automated code generation or file system modification without explicit user approval.
- [COMMAND_EXECUTION]: The skill executes local bash scripts located within the plugin's internal library (scripts/lib/id-generator.sh and scripts/lib/index-updater.sh) to manage output directories and indexes. These are internal tools and do not involve remote command execution.
- [PROMPT_INJECTION]: The skill possesses a potential surface for indirect prompt injection, as it processes external security findings.
  1. Ingestion points: The skill reads SARIF and markdown findings from the $JAAN_OUTPUTS_DIR path.
  2. Boundary markers: There are no explicit delimiters or specific 'ignore' instructions defined for the content of the security findings in the skill's instructions.
  3. Capability inventory: The skill has permissions to write fix files, execute internal tasks, and edit the plugin's configuration file (settings.yaml).
  4. Sanitization: The skill does not perform explicit sanitization of the finding content, relying instead on the human approval gate to verify the generated remediation code.
Audit Metadata