skills/dnyoussef/ai-chrome-extension/when-auditing-security-use-security-analyzer/Gen Agent Trust Hub
when-auditing-security-use-security-analyzer
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill leverages standard system utilities such as
grep,find, andawkto scan source code for vulnerability patterns like SQL injection, XSS, and hardcoded credentials. These operations are restricted to the local filesystem. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto execute established security auditing tools, includinglicense-checkerand@cyclonedx/cyclonedx-npm. These represent standard industry practices for dependency management and SBOM generation from trusted package registries. - [REMOTE_CODE_EXECUTION]: No execution of untrusted remote code was detected. The skill performs dynamic security testing by generating temporary JavaScript test suites that target the user's local application server (e.g., localhost:3000) to verify authentication and CSRF protections.
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. Network activity is confined to local health checks and security probes against the developer's environment, and findings are stored in the local
/tmpdirectory for user review.
Audit Metadata