security-research
Pass
Audited by Gen Agent Trust Hub on Jun 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The functionality described in the skill is legitimate and fully aligned with its stated purpose as a security research and vulnerability auditing tool. It references authoritative sources such as CWE, OWASP, and CVSS to guide its methodology.
- [PROMPT_INJECTION]: The skill inherently processes untrusted data from target repositories, creating an attack surface for indirect prompt injection.
  - Ingestion points: Codebase contents, PR details, and git diffs are processed as audit targets in SKILL.md during Phase 0 and Phase 1.
  - Boundary markers: Untrusted content is included in agent prompts without specific boundary delimiters.
  - Capability inventory: The agents utilize rg, git, LSP, and the ability to execute localized reproduction code via specialized PoC sub-agents.
  - Sanitization: No automated sanitization of the input code is implemented before it is analyzed by the sub-agents.
  - Mitigation: The risk is addressed by strict behavioral instructions, including mandates for "local-only execution," the use of "toy inputs," and the avoidance of destructive actions against external systems or services.
- [COMMAND_EXECUTION]: While the skill involves generating and executing Proof-of-Concept code to verify vulnerabilities, this is restricted by instructions to maintain safety, use local fixtures, and prefer static proof over unsafe execution.
Audit Metadata