audit-plugin-l5

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute inventory scripts and dispatch the l5-red-team-auditor sub-agent. This is a core part of its functionality as a command-line security auditing tool.
  • [PROMPT_INJECTION]: The auditor agent performs deep analysis on external, potentially untrusted plugin files. There are no explicit boundary markers or sanitization procedures mentioned in the audit instructions to prevent instructions embedded within the target files from influencing the auditor's behavior (indirect prompt injection).
  • [DATA_EXFILTRATION]: Test fixtures included for regression testing (e.g., tests/flawed-plugin/scripts/bad_script.py) demonstrate data exposure patterns, such as accessing sensitive environment variables like DATABASE_PASSWORD. These are intentional flaws meant for detection validation.
  • [EXTERNAL_DOWNLOADS]: The flawed test fixture scripts contain network operation patterns using curl and requests to communicate with external domains (example.com, example.invalid). These are utilized as deterministic detection targets for the security scanner.
  • [CREDENTIALS_UNSAFE]: The test suite includes examples of hardcoded credential patterns (e.g., sk- test keys and Bearer tokens) within bad_script.py to verify that the scanner correctly identifies these risks in analyzed plugins.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 08:58 AM