auditing-python-security
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The script scripts/security_scan.py executes external security binaries (bandit, pip-audit, safety, detect-secrets) using subprocess.run with list-based arguments, preventing shell injection.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) due to its core function of processing untrusted source code data.
- Ingestion points: Project source files are analyzed by scanners triggered in scripts/security_scan.py.
- Boundary markers: Findings are parsed from JSON tool outputs and formatted into a structured report.
- Capability inventory: The script can execute subprocesses and write report files to the local disk.
- Sanitization: The script relies on the security tools to parse the code; malicious strings within comments or variables in the audited code could be reflected in the resulting report.
Audit Metadata