AGENT LAB: SKILLS

vulnerability-scanner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill's primary function is to ingest and analyze arbitrary project files, which serves as a vector for indirect prompt injection if malicious instructions are embedded in the scanned source code.
      • Ingestion points: The scripts/security_scan.py script accepts a <project_path> as input, causing the agent to process data from that path.
      • Boundary markers: Absent; the skill lacks specific instructions to the agent to treat scan findings or file contents as data rather than instructions.
      • Capability inventory: The skill allows access to the Bash, Read, Glob, and Grep tools, which can be leveraged if an injection is successful.
      • Sanitization: Absent; no logic is described to sanitize or validate the content of scanned files.
  • Unverifiable Dependency (LOW): The skill references a local Python script scripts/security_scan.py that was not included in the analysis, preventing verification of its internal execution logic.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:45 PM