vulnerability-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill requests the Bash tool and provides instructions to execute a script (python scripts/security_scan.py <project_path>). This pattern allows the agent to run code against arbitrary user-controlled directories, which is high-risk if the script behavior is not strictly constrained.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes untrusted data with high-privilege capabilities.
  - Ingestion points: The agent uses Read, Glob, and Grep to scan files within a user's <project_path>.
  - Boundary markers: No specific boundary markers or instructions to ignore embedded commands within the scanned files are present in the skill definition.
  - Capability inventory: The agent has access to the Bash tool and the ability to execute Python scripts.
  - Sanitization: There is no evidence of sanitization or filtering of the content read from the project files before the agent processes it.
- [REMOTE_CODE_EXECUTION] (MEDIUM): While no direct remote downloads are seen in the markdown, the skill references an external script (scripts/security_scan.py) that is not provided for analysis. If this script is dynamically updated or retrieved from an untrusted source, it constitutes a Category 4/10 risk.
Recommendations
- AI detected serious security threats
Audit Metadata