owasp-top-10

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Full Analysis
  • [SAFE] (SAFE): The skill contains purely educational and reference material. The code examples provided are labeled as either vulnerable (❌ Bad) or secure (✅ Good) to assist a security auditor agent in identifying issues.
  • [REMOTE_CODE_EXECUTION] (SAFE): While the skill contains examples of RCE-vulnerable functions like os.system() and pickle.loads(), these are explicitly presented as 'Vulnerable' examples to be avoided. The skill does not execute these commands.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions npm audit and pip-audit as best practices for scanning dependencies, but does not trigger any external downloads itself.
  • [DATA_EXFILTRATION] (SAFE): No sensitive file access or network exfiltration patterns were found. The 'Malicious URL' alert for logger.info is a false positive, as it refers to a standard logging method in a code example.
  • [PROMPT_INJECTION] (SAFE): The content is descriptive and lacks any instructions that attempt to bypass agent safety filters or override system prompts.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 05:11 PM