skill-safety-scanner

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads untrusted file content and displays those snippets in its output reports.
    * Ingestion points: The collect_files function in scripts/safety_scan.py reads file contents using Path.read_text().
    * Boundary markers: The report output lacks strict delimiters to isolate the file snippets from the agent's instructional context.
    * Capability inventory: The script performs local filesystem reads and console output; it does not have network or subprocess capabilities.
    * Sanitization: File content snippets are included in the report without escaping or sanitization.
  • [DATA_EXFILTRATION]: No data exfiltration was detected. The script analyzes files locally and does not contain any networking modules or logic to perform external requests.
  • [CREDENTIALS_UNSAFE]: No hardcoded secrets were found within the skill's code. While regex patterns for various API keys and tokens are present, they are used for identification during scans rather than for authentication.
  • [REMOTE_CODE_EXECUTION]: The skill performs static analysis and does not download or execute code from external sources.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 06:35 PM