security-scanning-security-sast
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's Python implementation invokes external security scanners such as Semgrep and Bandit through subprocess.run with list arguments (no shell=True), so the path being scanned reaches the scanner as a single argument and is never parsed by a shell. This is the recommended way to run external commands from Python.
- [EXTERNAL_DOWNLOADS]: The documentation instructs the user to install well-known security analysis tools from their official package repositories (PyPI and npm).
- [PROMPT_INJECTION]: The skill ingests untrusted source code through the project_path input (Ingestion point). It lacks explicit boundary markers around the data being scanned (Boundary markers). It can execute system commands via the scanners it drives (Capability inventory), and those calls use list-argument subprocess invocations, which mitigates shell command injection (Sanitization). Note that list arguments do not prevent text inside the scanned repository from surfacing in scanner findings and being read as instructions; that is the gap the missing boundary markers leave open.
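The following is an added illustration of the two points the audit makes (list-argument subprocess calls versus shell string construction, and boundary markers around untrusted scanner output); it is example code, not the skill's own implementation. The Semgrep and Bandit flags, the marker strings and the allow-list are assumptions, and an echo command stands in for a real scanner so the demonstration runs offline.

```python
import subprocess
from typing import Sequence

# Illustrative scanner invocations (assumed; the page does not show the skill's
# actual flags). Only tools in this allow-list may be executed.
SCANNERS = {
    "semgrep": ["semgrep", "--config", "auto", "--json"],
    "bandit": ["bandit", "-r", "-f", "json"],
}

# Assumed marker strings used to fence untrusted scanner output.
BOUNDARY_OPEN = "<<<UNTRUSTED_SCANNER_OUTPUT tool={tool}>>>"
BOUNDARY_CLOSE = "<<<END_UNTRUSTED_SCANNER_OUTPUT>>>"


def build_scan_command(tool: str, project_path: str) -> list[str]:
    """Return an argv list for `tool` over `project_path`.

    The path travels as one argv element, so shell metacharacters in it
    (';', '|', '$(...)') are inert. A leading '-' is rejected because list
    arguments stop shell injection but not option injection: a path such as
    '--config=attacker.yml' would otherwise be parsed by the scanner as a flag.
    """
    if tool not in SCANNERS:
        raise ValueError(f"unknown scanner: {tool!r}")
    if project_path.startswith("-"):
        raise ValueError("project_path may not start with '-'")
    return [*SCANNERS[tool], project_path]


def run_command(argv: Sequence[str], timeout: int = 600) -> str:
    """Run argv without a shell and return its stdout (treated as untrusted)."""
    proc = subprocess.run(
        list(argv), shell=False, capture_output=True, text=True, timeout=timeout
    )
    return proc.stdout


def wrap_untrusted(tool: str, output: str) -> str:
    """Fence scanner output as data before it is handed to a model.

    Any '<<<' inside the output is broken up so a repository cannot forge a
    closing marker and smuggle text outside the fence.
    """
    neutralized = output.replace("<<<", "<< <")
    return "\n".join([BOUNDARY_OPEN.format(tool=tool), neutralized, BOUNDARY_CLOSE])


# Constructed hostile input: a project path carrying a shell metacharacter.
HOSTILE_PATH = "repo; echo INJECTED"


def unsafe_shell_echo(project_path: str) -> str:
    """Anti-pattern: string concatenation plus shell=True; /bin/sh parses the path."""
    proc = subprocess.run(
        "echo scanning " + project_path, shell=True, capture_output=True, text=True
    )
    return proc.stdout


def safe_list_echo(project_path: str) -> str:
    """List arguments: the whole path reaches echo as a single argv element."""
    return run_command(["echo", "scanning", project_path])


if __name__ == "__main__":
    print("argv for semgrep:", build_scan_command("semgrep", HOSTILE_PATH))
    print("shell=True output:", repr(unsafe_shell_echo(HOSTILE_PATH)))
    print("list-args output:", repr(safe_list_echo(HOSTILE_PATH)))
    print(wrap_untrusted("semgrep", safe_list_echo(HOSTILE_PATH)))
```

With the hostile path, the shell=True variant prints a second line, INJECTED, because the shell split the string at the semicolon; the list variant prints the literal text "scanning repo; echo INJECTED". The leading-dash check and the marker neutralization are the two caveats a list-argument call alone does not cover.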
Audit Metadata