vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/security_scan.py` executes the `npm audit` command locally using the `subprocess` module to identify vulnerabilities in project dependencies. This is a standard and expected function for a security scanning tool.
- [PROMPT_INJECTION]: The skill processes untrusted data by reading files from a user-provided project directory for static analysis.
  - Ingestion points: Code and configuration files read from the filesystem in `scripts/security_scan.py`.
  - Boundary markers: None; the script reads file contents directly into memory for regex analysis.
  - Capability inventory: File read access and local command execution (`npm audit`) via `subprocess` in `scripts/security_scan.py`.
  - Sanitization: The script uses regular expressions to identify patterns and does not execute or evaluate the content of the files being scanned.
Audit Metadata