vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides structured educational material and reference checklists for security professionals and AI agents performing security tasks.
- [COMMAND_EXECUTION]: The script scripts/security_scan.py executes the well-known npm audit utility via the subprocess module. This is a legitimate operation for dependency scanning and is confined to the specific audit command.
- [SAFE]: File access is restricted to reading and analyzing local source code for potential vulnerabilities like hardcoded credentials and unsafe API usage, with no data exfiltration detected.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes untrusted file content.
  1. Ingestion points: scripts/security_scan.py reads files in the target project path.
  2. Boundary markers: absent in the scanner output.
  3. Capability inventory: subprocess execution for auditing and extensive file read permissions.
  4. Sanitization: no escaping or filtering of content snippets retrieved from files.
Audit Metadata