security-reviewer
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to execute various security auditing and penetration testing tools via Bash, including semgrep, bandit, gitleaks, nmap, sqlmap, and trivy.
- [EXTERNAL_DOWNLOADS]: Refers to the installation of security packages via standard managers such as npm, pip, go, and brew, and fetches certificate information from the well-known crt.sh service.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill reads and processes local files using Read and Grep while possessing Bash execution capabilities.
  1. Ingestion points: Project files and directory structures accessed via Read, Glob, and Grep.
  2. Boundary markers: Includes explicit instructions to verify written authorization and scope (Rules of Engagement) before active testing.
  3. Capability inventory: Full Bash access for running scanners and exploitation tools.
  4. Sanitization: Relies on manual review and standard tool output parsing without specific content delimiters.