skills/sebas-aikon-intelligence/antigravity-awesome-skills/vulnerability-scanner/Gen Agent Trust Hub
vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's workflow for scanning external projects exposes the agent to indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via the user-provided project path analyzed by the Read, Glob, and Grep tools.
  - Boundary markers: Absent. The skill instructions do not provide delimiters or specific markers to differentiate untrusted scanned content from system instructions.
  - Capability inventory: The agent is granted Bash, Read, Glob, and Grep permissions, which provide a high-impact execution path if an attacker-controlled file successfully injects instructions.
  - Sanitization: Absent. There is no evidence of content filtering or validation before the agent processes scanned data.