security-review

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to run security audit commands such as npm audit, pip-audit, safety check, govulncheck, and cargo audit using the Bash tool. These commands are used to identify vulnerabilities in software dependencies by querying official package registries.
  • [PROMPT_INJECTION]: The skill is designed to analyze external source code, which constitutes an indirect prompt injection surface. Maliciously crafted comments or code patterns in the files being reviewed could potentially attempt to override the agent's instructions during the analysis phase. Ingestion points include code files and dependency lists processed in Phase 2. Boundary markers (delimiters or specific safety warnings for embedded instructions) are absent. Capability inventory includes the Bash tool (for auditing) and the Agent tool (for subagent dispatch). Sanitization or filtering of external content is not explicitly provided in the skill logic.
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads vulnerability metadata from external sources when running auditing tools like socket-security or pip-audit to compare local dependencies against known CVE databases.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 12:42 AM