vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill allows the agent to process untrusted code from a project path using powerful system tools, creating a vulnerability surface.
  - Ingestion points: The agent is instructed to use `Read`, `Glob`, and `Grep` tools to ingest content from arbitrary files within a user-provided project directory as seen in the tools definition of SKILL.md.
  - Boundary markers: The skill metadata and instructions do not define delimiters or specific safety guidelines to help the agent distinguish between its scanning logic and instructions found inside the scanned data.
  - Capability inventory: The `Bash` tool is enabled in the YAML frontmatter, and the skill references an external Python script (`scripts/security_scan.py`), providing a high-privilege execution environment for potentially malicious instructions.
  - Sanitization: There is no evidence of sanitization or validation of the ingested file content before it is processed by the agent or its tools.
Audit Metadata