security-review
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill folder contains a large volume of security reference material documenting various attack vectors including XSS, Injection, and Insecure Deserialization. Numerous examples of 'malicious' code snippets, such as reverse shells and hardcoded secrets, are included verbatim. These are correctly identified by static scanners but are used here as non-executable documentation to train the agent in vulnerability detection.
- [PROMPT_INJECTION]: The skill operates by ingesting and analyzing untrusted codebases through tools like Read, Grep, and Glob. This introduces a theoretical surface for indirect prompt injection if the code being audited contains instructions intended to deceive the auditor. The skill mitigates this by instructing the agent to trace data flows and verify findings across the entire codebase rather than relying on simple text matches.
- [COMMAND_EXECUTION]: The agent is permitted to use Bash and Task tools. In the context of a security review skill, these are standard tools for navigating project structures and executing analysis tasks. The skill's instructions focus their use on systematic research and evidence gathering.
Audit Metadata