securing-code
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a defensive resource, offering extensive documentation and code examples for implementing security best practices such as input validation, password hashing, and secure header configuration. No evidence of malicious intent, prompt injection, or credential harvesting was found.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) due to its primary function of analyzing external code. It includes numerous technical examples of attack payloads (SQL injection, XSS, SSRF, etc.) for educational and detection purposes, which could potentially influence the model's behavior if untrusted data being processed contains similar instructions. Evidence:
  - Ingestion points: The skill is explicitly designed to be loaded after code implementations to perform security checks (referenced in SKILL.md and INSTRUCTIONS.md).
  - Boundary markers: The instructional content does not define specific delimiters or isolation protocols for the ingested code implementations being analyzed.
  - Capability inventory: The skill references an external tool /codeguard-security:software-security for performing automated security analysis on provided software (referenced in INSTRUCTIONS.md).
  - Sanitization: There are no explicit instructions for the agent to sanitize or escape external content before it is processed by the security analysis logic.
Audit Metadata