endor-scan-full
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the endorctl CLI tool via npx to perform repository scans. This is the primary function of the skill.
- [EXTERNAL_DOWNLOADS]: The skill downloads the endorctl package from the official npm registry using npx. This is a standard operation for accessing the vendor's security tools.
- [DATA_EXFILTRATION]: The skill caches scan results locally in the .endor/ directory. This is used for performance and does not involve exfiltrating data to untrusted destinations.
- [PROMPT_INJECTION]: The skill processes external data from scan results and cache files.
  - Ingestion points: scan results JSON and .endor/ cache.
  - Boundary markers: Not specified.
  - Capability inventory: Shell execution (npx) and file system access (.endor/).
  - Sanitization: No explicit sanitization of scan results is described.