Skills
skills/prorise-cool/claude-code-multi-agent/security-specialist/Gen Agent Trust Hub

security-specialist

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest untrusted data such as source code for security audits and legal documents for compliance checks. While the skill's purpose is defensive, the underlying model remains vulnerable to instructions embedded in the analyzed content.
  • Ingestion points: Processes external files (source code, policies) via Read and Grep tools (found in studio-operations_legal-compliance-checker.md).
  • Boundary markers: Absent. The instructions do not define clear delimiters or specific instructions for the agent to ignore directives within analyzed content.
  • Capability inventory: Includes high-risk capabilities such as file modification (Write, MultiEdit) and internet access (WebSearch).
  • Sanitization: No explicit sanitization or input validation logic is defined within the skill instructions to mitigate the impact of malicious content in analyzed files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:11 PM