sast-configuration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill guides the user to install well-known security tools like Semgrep, SonarQube, and CodeQL from their official repositories.
- [COMMAND_EXECUTION] (SAFE): Shell commands are used appropriately for tool installation and execution. A local script (run-sast.sh) is referenced for automation but not provided.
- [PROMPT_INJECTION] (LOW): The skill demonstrates an Indirect Prompt Injection surface (Category 8). 1. Ingestion points: Application source code scanned by the tools (referenced in SKILL.md). 2. Boundary markers: Not specified in the configuration examples. 3. Capability inventory: Execution of semgrep, docker, gh, and a local shell script. 4. Sanitization: Not addressed in this configuration-focused skill.
Audit Metadata