vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- NO_CODE (SAFE): The skill documentation in
SKILL.mdreferences a Python script atscripts/security_scan.pyfor automated validation. This file was not included in the provided skill package, meaning the automated functionality is not available.\n- Indirect Prompt Injection (SAFE): The skill is designed to ingest and analyze untrusted external project data, creating a potential surface for indirect prompt injection.\n - Ingestion points: Project code and configuration files read via
Read,Glob, andGreptools.\n - Boundary markers: No specific delimiters or instructions for the agent to ignore embedded instructions in the scanned data are provided.\n
- Capability inventory: The skill allows the use of
Bash,Read,Glob, andGreptools.\n - Sanitization: No input validation or sanitization logic is present in the markdown instructions. The risk is inherent to the use-case of a security scanner and no malicious code is currently present to exploit this surface.
Audit Metadata