senior-security
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONNO_CODE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill describes executing local scripts (e.g., threat_modeler.py) and dev tools (docker, kubectl). This is consistent with its stated purpose.
- NO_CODE (SAFE): The actual logic is located in the scripts folder, which was not provided for analysis.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted codebases for analysis, creating a risk that malicious data could influence agent behavior. 1. Ingestion points: target-path and project-path arguments for auditing scripts. 2. Boundary markers: None identified in the skill file. 3. Capability inventory: Ability to execute scripts, manage containers, and use kubectl. 4. Sanitization: Not specified.
Audit Metadata