Skills
skills/sirn/dotfiles/code-security-audit/Gen Agent Trust Hub

code-security-audit

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function involves ingesting and analyzing untrusted data.
  • Ingestion points: Processes files, modules, or API endpoints mentioned by the user (SKILL.md, SUBAGENT.md).
  • Boundary markers: The instructions do not define delimiters or provide specific commands to ignore instructions that might be embedded within the target files being audited.
  • Capability inventory: The skill utilizes WebSearch and WebFetch tools to research vulnerabilities (SKILL.md).
  • Sanitization: No sanitization or escaping of the content found in the target files is specified before the AI analyzes them.
  • [EXTERNAL_DOWNLOADS]: The skill uses WebSearch and WebFetch tools to identify known CVEs and research insecure dependencies. This is a standard procedure for the skill's stated purpose and uses well-known, trusted search capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 02:53 PM