sca-osv-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill suggests installing osv-scanner from github.com/google/osv-scanner. Per [TRUST-SCOPE-RULE], this is a trusted source (Google), so the severity of the download itself is downgraded.
- COMMAND_EXECUTION (MEDIUM): The skill uses shell commands like 'osv-scanner -r --json' to execute analysis on user-provided directories, which involves subprocess creation.
- PROMPT_INJECTION (HIGH): The skill is highly susceptible to Indirect Prompt Injection. 1. Ingestion points: It reads data from untrusted external files including package-lock.json, requirements.txt, Cargo.lock, and sbom.json. 2. Boundary markers: No boundary markers or delimiters are used when processing this data. 3. Capability inventory: The agent has the capability to execute subprocesses and parse their output. 4. Sanitization: No sanitization is performed on the ingested content or tool output. A malicious actor could embed instructions inside a repository's lockfiles that could influence the agent's behavior during or after the scan.
Recommendations
- AI detected serious security threats
Audit Metadata