security-audit
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because its core function is to ingest and process untrusted external data.
  - Ingestion points: Directs the agent to review source code, pull request descriptions, and dependency files as specified in `SKILL.md`.
  - Boundary markers: No delimiters or 'ignore embedded instructions' directives are provided to protect the agent from instructions hidden within the audited code.
  - Capability inventory: The skill grants the agent command execution capabilities (`npm audit`, `pip-audit`, `snyk test`) and file modification capabilities (`npm audit fix`, `pip-audit --fix`).
  - Sanitization: There is no requirement for sanitization or validation of external content before it is analyzed or passed to the shell.
- [External Downloads] (MEDIUM): The skill requires the installation of multiple third-party packages from sources not verified in the trusted list.
  - Evidence: Commands include `pip install pip-audit`, `pip install safety`, `npm install -g snyk`, and `brew install scorecard` in `references/dependency-security.md`.
- [Remote Code Execution] (MEDIUM): The skill provides configuration for remote execution environments using non-trusted scripts.
  - Evidence: The GitHub Actions example in `references/dependency-security.md` uses `snyk/actions/node@master`.
- [Command Execution] (LOW): The skill relies on shell command execution for its operations. While appropriate for a security scanner, this capability increases the potential impact of a prompt injection attack.
Recommendations
- AI detected serious security threats
Audit Metadata