security-scanning
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE (categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill references the installation of reputable security tools like Snyk and Gitleaks through standard package managers (npm/bun). These are verified industry-standard utilities.
- COMMAND_EXECUTION (LOW): The skill uses shell execution to perform auditing tasks. Example 2 (Pre-commit Secret Scan) utilizes execSync to process git-tracked files; this example lacks filename sanitization, which presents a minor command injection surface if the skill is used on a repository containing filenames with shell metacharacters.
- PROMPT_INJECTION (LOW): The skill possesses an indirect prompt injection surface (Category 8) as it reads and processes untrusted file content.
  1. Ingestion points: staged file content via `git show`.
  2. Boundary markers: Absent.
  3. Capability inventory: Console logging and process termination (exit 1).
  4. Sanitization: None; the script relies on simple string matching and regex, which can be bypassed or manipulated by malicious content within scanned files.
Audit Metadata