vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to bypass safety filters or override agent behavior were detected.
- Data Exposure & Exfiltration (SAFE): No hardcoded secrets or unauthorized network exfiltration patterns found. The tool uses standard local inspection commands.
- Obfuscation (SAFE): All content is in plain text markdown. No Base64, zero-width characters, or homoglyphs detected.
- Indirect Prompt Injection (LOW): The skill acts as a vulnerability scanner, creating a surface for indirect prompt injection from analyzed project files.
  1. Ingestion points: File scanning via Read, Glob, Grep, and the referenced security_scan.py script.
  2. Boundary markers: Absent; the instructions do not specify how to delimit untrusted code from agent instructions.
  3. Capability inventory: Access to Bash and filesystem tools.
  4. Sanitization: Not present in the documentation.
- Unverifiable Dependencies & Remote Code Execution (SAFE): No external script downloads or unverified package installations found.