Skills
skills/sickn33/antigravity-awesome-skills/security-scanning-security-sast/Gen Agent Trust Hub

security-scanning-security-sast

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python implementation (MultiLanguageSASTScanner) that utilizes subprocess.run to execute external security binaries like Semgrep and Bandit. This is the primary intended functionality of the skill and is implemented following secure coding practices by using argument lists to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing well-known security utilities from official package registries (PyPI and npm). These tools (e.g., Bandit, Semgrep, ESLint) are standard in the security industry.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it parses output from tools scanning untrusted source code.
  • Ingestion points: MultiLanguageSASTScanner.run_semgrep_scan (reading JSON output from tool execution).
  • Boundary markers: None identified in the report aggregator logic.
  • Capability inventory: Execution of system commands via subprocess.run.
  • Sanitization: Findings are parsed directly from JSON output without explicit filtering for embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 02:59 PM