threat-modeling
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: CRITICAL
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates security analysis by executing local Python scripts such as module_discovery.py for project scanning and phase_data.py for workflow management. It also recommends using established security tools like Semgrep or CodeQL if present on the system to enhance discovery.
- [EXTERNAL_DOWNLOADS]: Installation instructions guide users to download the skill from the author's official GitHub repository (github.com/fr33d3m0n/threat-modeling).
- [PROMPT_INJECTION]: The SKILL.md contains strict behavioral instructions requiring the AI agent to follow the defined 8-phase workflow rather than attempting manual analysis, ensuring consistent and professional security deliverables.
- [SAFE]: Automated security alerts for 'infected' content or 'obfuscated execution chains' relate to OWASP reference files and XSS filter evasion cheat sheets within the knowledge/ directory. These are security testing references containing attack examples and are not malicious components of the skill.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
Audit Metadata