web-app-security-audit
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to execute various shell commands, including grep for code analysis, curl for endpoint testing, and specialized tools like nmap or npm audit for environment checks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it analyzes untrusted application source code and comments without explicit boundary markers or sanitization.
- Ingestion points: Processes various project files such as *.ts, *.js, *.py, config/routes.rb, and documentation.
- Boundary markers: None specified in the instructions for separating untrusted file content from system prompts.
- Capability inventory: Includes shell execution for searching files, making network requests (curl), and infrastructure scanning (nmap).
- Sanitization: No sanitization or validation of the ingested source code content is performed before processing.
Audit Metadata