when-auditing-security-use-security-analyzer

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill leverages standard system utilities such as grep, find, and awk to scan source code for vulnerability patterns like SQL injection, XSS, and hardcoded credentials. These operations are restricted to the local filesystem.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to execute established security auditing tools, including license-checker and @cyclonedx/cyclonedx-npm. These represent standard industry practices for dependency management and SBOM generation from trusted package registries.
  • [REMOTE_CODE_EXECUTION]: No execution of untrusted remote code was detected. The skill performs dynamic security testing by generating temporary JavaScript test suites that target the user's local application server (e.g., localhost:3000) to verify authentication and CSRF protections.
  • [DATA_EXFILTRATION]: No evidence of data exfiltration was found. Network activity is confined to local health checks and security probes against the developer's environment, and findings are stored in the local /tmp directory for user review.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 03:21 AM
Security Audit — agent-trust-hub — when-auditing-security-use-security-analyzer