security-audit
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill requests access to the Bash tool to execute grep commands and navigate the project's filesystem, which is a functional requirement for its role as a code auditor.
- [DATA_EXFILTRATION]: The skill searches for sensitive credentials (e.g., api_key, password, token) to report them to the developer. These findings are saved to a local report file and are not transmitted to any external services.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted source code and asset files. 1. Ingestion points: Reads source files from src/, assets/data/, and various configuration files. 2. Boundary markers: The instructions lack explicit delimiters or instructions to ignore embedded commands in the files being audited. 3. Capability inventory: The skill has access to Read, Glob, Grep, Bash, Write, and Task tools. 4. Sanitization: No sanitization or escaping is performed on the ingested code before analysis.
Audit Metadata