audit-prep-assistant
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Command Execution (SAFE): The skill includes instructions to execute well-known security tools such as Slither (Solidity), Dylint (Rust), and GolangCI-Lint (Go). These operations are essential to the skill's primary purpose of security auditing and do not involve untrusted remote sources or privilege escalation.
- Indirect Prompt Injection (LOW): The skill has an attack surface for indirect prompt injection as it processes local codebases to generate documentation and analyze coverage. However, the risk is inherent to the audit-prep use case and the skill contains no logic that would allow external data to be exfiltrated or to bypass agent safety constraints.
- Ingestion points: Reads files in the local codebase (Step 2 and 3).
- Boundary markers: None explicitly defined in the prompt template.
- Capability inventory: Executes local shell commands for static analysis.
- Sanitization: Not applicable as it primarily generates descriptive reports and checklists.
Audit Metadata