vulnerability-scanner

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/security_scan.py script executes the npm audit command to validate project dependencies. The execution uses a fixed argument list and is restricted to the user-provided project path, following best practices for subprocess calls.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it reads and processes untrusted project files during analysis. Maliciously crafted content within the scanned project could attempt to influence the agent's behavior.
    • Ingestion points: The scripts/security_scan.py script reads files with extensions such as .js, .py, and .json within the provided project directory.
    • Boundary markers: No delimiters or instructions to ignore embedded commands are used when the scanner outputs code snippets to the agent context.
    • Capability inventory: The script includes the ability to execute system commands via subprocess.run and to traverse the file system (directory walks).
    • Sanitization: The script extracts and reports code snippets verbatim, without sanitization or escaping of potential injection payloads.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 03:42 AM
Security Audit — agent-trust-hub — vulnerability-scanner