senior-security

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted code from external paths.
    * Ingestion points: security_auditor.py, threat_modeler.py, and pentest_automator.py accept path arguments.
    * Boundary markers: None identified.
    * Capability inventory: Local script execution and file-write access ('Automated fixes').
    * Sanitization: None identified.
  • Command Execution (MEDIUM): The skill prompts execution of local Python scripts, npm commands, and deployment tools like docker and kubectl.
  • Data Exposure (MEDIUM): The instructions require handling .env files which often contain sensitive credentials.
  • Unverifiable Dependencies (MEDIUM): Relies on npm and pip for installing external packages without specified versions or sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 11:11 AM