oma-deepsec
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes `deepsec` CLI commands using package managers such as `bunx`, `npx`, `pnpm`, or `yarn`. These commands are used to perform repository initialization, vulnerability scanning, and finding triage.
- [CREDENTIALS_UNSAFE]: Manages sensitive environment variables including `AI_GATEWAY_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, and `VERCEL_OIDC_TOKEN`. The skill includes extensive documentation on handling these secrets securely, specifically recommending the use of `.env.local` and a two-job CI pattern to prevent exposure.
- [EXTERNAL_DOWNLOADS]: Fetches the `deepsec` scanner and its plugins from the npm registry. These resources originate from Vercel Labs, which is a recognized and trusted technology organization.
- [DATA_EXFILTRATION]: Transmits code snippets to external AI services (Anthropic, OpenAI, and Vercel AI Gateway) for analysis. This is a core functional requirement of the scanner and is performed via secure, authenticated channels.
- [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection when the agent processes content from untrusted repositories.
- Ingestion points: Source code files and configuration files from the target repository.
- Boundary markers: None explicitly defined in the skill instructions for scanned data.
- Capability inventory: Execution of shell commands and network access to configured AI providers.
- Sanitization: The skill explicitly recommends utilizing the built-in sandbox mode (`deepsec sandbox`) when dealing with unfamiliar or untrusted codebases to isolate the execution environment and protect credentials.
Audit Metadata