security-review
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, NO_CODE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill defines a standard workflow for security audits, including OWASP Top 10 scans and secrets detection.
- [NO_CODE]: The skill ships no executable scripts or binaries.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface.
  1. Ingestion points: The agent processes external codebases provided as input.
  2. Boundary markers: The prompt lacks delimiters to isolate audited code from instructions.
  3. Capability inventory: The agent can delegate tasks and call MCP tools like ask_codex.
  4. Sanitization: No sanitization of input code is performed.
Audit Metadata