extension-review
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted extension source code, which represents an indirect prompt injection surface. Malicious instructions embedded in files being scanned could potentially attempt to influence agent behavior during the review process. Ingestion points: Extension source files (manifest.json, src/*) via grep and cat. Boundary markers: None. Capability inventory: Local file system read/write, shell command execution (ls, grep, cat, jq). Sanitization: None. This surface is inherent to the skill's function as a code scanner.
- [CREDENTIALS_UNSAFE]: The skill explicitly searches for hardcoded credentials (passwords, tokens, API keys) in the extension source code to identify security risks for the developer. Evidence: Grep patterns in references/scan-checklist.md searching for "password=", "token=", "key=", and "secret=". This is a core feature of the auditing process and does not represent an attempt by the skill to steal secrets for malicious purposes.
Audit Metadata