security-audit
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill frequently invokes `npx @claude-flow/cli`. This package is not associated with any trusted organizations defined in the security guidelines, and using `npx` results in the automatic download and execution of remote code from the npm registry at runtime.
- [COMMAND_EXECUTION] (SAFE): Shell script execution and CLI tool usage are limited to the defined security scanning logic and are consistent with the skill's primary stated purpose of security auditing.
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it processes untrusted codebase data that could contain malicious instructions. Evidence Chain: (1) Ingestion points: codebase files scanned via the `--path` argument; (2) Boundary markers: Not implemented in the script or prompt logic; (3) Capability inventory: Local shell script execution, `npx` package execution, and `npm audit fix` capabilities; (4) Sanitization: None identified in the script logic to prevent the agent from following instructions embedded in the scanned code.
Audit Metadata