security-scan
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The workflow defined in SKILL.md executes a shell script located at scripts/security-scan.sh to perform automated scanning. This file was not included in the skill package, preventing a security audit of its actual command execution behavior.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted external data in the form of project source code and configuration files. Maliciously crafted comments or strings within the scanned code could attempt to influence the agent's report generation or the instructions passed to the sniper sub-agent.
  - (1) Ingestion points: Source code files and dependency markers like package.json and requirements.txt.
  - (2) Boundary markers: No explicit delimiters or instruction-bypass warnings are defined in the workflow.
  - (3) Capability inventory: The skill can execute local scripts and invoke the fuse-ai-pilot:sniper sub-agent.
  - (4) Sanitization: There is no evidence of sanitization or filtering of the scanned content before interpolation into prompts.
- [NO_CODE]: The core scanning script, scripts/security-scan.sh, which is central to the skill's operation, is referenced but missing from the file set.
Audit Metadata