report
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill accesses security-related artifacts in the
.appsec/directory, including findings and scanner results. This data access is essential for the skill's primary function of generating reports and is limited to the local filesystem without any network exfiltration mechanisms. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from scanner results and finding objects to construct reports.
- Ingestion points: Reads security data from
.appsec/findings.jsonand.appsec/scanners/. - Boundary markers: None explicitly defined in the skill instructions; the agent is expected to parse the JSON array objects directly.
- Capability inventory: The skill can read local security files, write Markdown/HTML/JSON/SARIF report files, and generate Mermaid diagrams.
- Sanitization: No explicit sanitization or escaping rules are provided for the aggregated findings, but the impact is restricted to the generated report content.
Audit Metadata