security-guidelines
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is entirely documentation-based, providing templates and workflows for security reviews. No executable scripts or automation tools are included that could perform unauthorized actions.
- [DATA_EXFILTRATION]: Mentions of sensitive file paths such as '.env' and '/etc/passwd' are found only within documentation examples of common vulnerabilities (e.g., Directory Traversal) and do not represent any attempt by the skill to access or exfiltrate local system data.
- [EXTERNAL_DOWNLOADS]: The documentation recommends well-known security libraries (e.g., DOMPurify, HTMLPurifier) for implementation in the user's project, but the skill itself does not perform any remote downloads or installations during execution.
- [PROMPT_INJECTION]: No malicious instruction overrides or bypass attempts were detected. The skill uses natural instructional language to guide the AI's auditing behavior and coordination with platform security rules.
- [COMMAND_EXECUTION]: OS command execution is discussed exclusively as a vulnerability type (OS Command Injection) with corresponding mitigation strategies using Symfony Process, which is a standard security best practice.