skill-security-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core function of processing untrusted data from local codebases.
- Ingestion points: The scripts/scan_project.py and scripts/scan_secrets.py scripts ingest data from any file within a user-provided directory.
- Boundary markers: Findings are output to the agent as text snippets without boundary markers or 'ignore' instructions to separate data from the agent's control context.
- Capability inventory: As a security auditor, the agent using this skill typically possesses capabilities to read files, execute shell commands (e.g., pip audit), and report findings to the user.
- Sanitization: The scripts perform basic truncation of output snippets to 120 characters, which limits the length of an injection but does not prevent the agent from obeying instructions found within those snippets.
Audit Metadata