senior-secops
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The provided SKILL.md file contains no executable logic or code, acting solely as a guide for using external scripts located in the scripts directory which were not provided for analysis.
- [EXTERNAL_DOWNLOADS]: The setup instructions include npm and pip installation commands, which fetch packages from standard, well-known registries.
- [COMMAND_EXECUTION]: The skill documents the execution of local scripts and system tools like docker and kubectl for security scanning and deployment tasks.
- [PROMPT_INJECTION]: The skill processes external project files for vulnerability assessment, representing an indirect prompt injection surface. Ingestion points: Target project paths passed to scripts. Boundary markers: No explicit delimiters are mentioned to isolate untrusted code from the agent's instructions. Capability inventory: The skill utilizes local scripts with the potential to run system commands and perform automated fixes. Sanitization: No input validation or sanitization steps are documented in the skill file.
Audit Metadata