prowler-mcp
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns, obfuscation, or unauthorized operations detected. The skill acts as a documentation and template resource for developers.
- Indirect Prompt Injection (SAFE): Evaluated the surface area for instructions embedded in external Prowler API findings. 1. Ingestion points: assets/tool_implementation.py (via api_client.get). 2. Boundary markers: Absent. 3. Capability inventory: Bash, Edit, Write, WebFetch. 4. Sanitization: Absent. The risk is considered SAFE as the skill is a blueprint for security tooling, and the data is handled via structured Pydantic models.
Audit Metadata