oma-deepsec

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes deepsec CLI commands using package managers such as bunx, npx, pnpm, or yarn. These commands are used to perform repository initialization, vulnerability scanning, and finding triage.
  • [CREDENTIALS_UNSAFE]: Manages sensitive environment variables including AI_GATEWAY_API_KEY, ANTHROPIC_AUTH_TOKEN, and VERCEL_OIDC_TOKEN. The skill includes extensive documentation on handling these secrets securely, specifically recommending the use of .env.local and a two-job CI pattern to prevent exposure.
  • [EXTERNAL_DOWNLOADS]: Fetches the deepsec scanner and its plugins from the npm registry. These resources originate from Vercel Labs, which is a recognized and trusted technology organization.
  • [DATA_EXFILTRATION]: Transmits code snippets to external AI services (Anthropic, OpenAI, and Vercel AI Gateway) for analysis. This is a core functional requirement of the scanner and is performed via secure, authenticated channels.
  • [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection when the agent processes content from untrusted repositories.
      • Ingestion points: Source code files and configuration files from the target repository.
      • Boundary markers: None explicitly defined in the skill instructions for scanned data.
      • Capability inventory: Execution of shell commands and network access to configured AI providers.
      • Sanitization: The skill explicitly recommends using the built-in sandbox mode (deepsec sandbox) when dealing with unfamiliar or untrusted codebases, to isolate the execution environment and protect credentials.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 13, 2026, 12:18 PM
Security Audit — agent-trust-hub — oma-deepsec