security-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing untrusted source code.
- Ingestion points: The skill reads external files during 'scan', 'check', and 'secrets' modes (SKILL.md, scripts/secrets-detector.py, scripts/compliance-scorer.py).
- Boundary markers: No explicit delimiters or instructions are used to separate scanned content from agent instructions.
- Capability inventory: The agent has file system access and can execute system commands (find, git) and local Python scripts.
- Sanitization: File content is processed for patterns without escaping or filtering that would prevent instruction obedience.
- [COMMAND_EXECUTION]: The skill executes system-level commands to perform its auditing functions.
- Evidence: SKILL.md specifies the use of 'find' for file enumeration and 'git log' for secrets detection in git history. It also executes local scripts via 'uv run'.
- [DATA_EXFILTRATION]: The skill accesses sensitive file paths to identify security vulnerabilities.
- Evidence: The scanner is designed to read configuration files (e.g., .env, config.*) and private key files (e.g., *.pem) to detect hardcoded credentials and exposure risks, as outlined in the triage and secrets protocols.
Audit Metadata