code-security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted external data (user-provided code or API documentation) for security auditing. This creates a surface for indirect prompt injection where malicious instructions within the audited source could attempt to deceive the agent or influence its findings.
  - Ingestion points: User-specified files, modules, or API endpoints as described in SKILL.md and SUBAGENT.md.
  - Boundary markers: The instructions do not define specific delimiters or 'ignore instructions' warnings for the input content.
  - Capability inventory: The instructions describe synthesis and reporting tasks; no direct subprocess execution, file-system writes, or network exfiltration logic is defined in the skill markdown.
  - Sanitization: No explicit sanitization or filtering of the input content is specified before the analysis phase.