owasp-security

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were detected. The skill correctly defines its operational boundaries and focuses on educational and procedural guidance for security audits.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it is designed to ingest and analyze untrusted source code during security audits. This is an inherent risk for code-analysis tools where malicious instructions could be embedded in the audited data to influence the agent's conclusions.
  • Ingestion points: Untrusted source code, PR diffs, and configuration files being audited (defined in SKILL.md).
  • Boundary markers: The instructions conceptually describe trust boundaries but do not provide specific syntactic delimiters or instructions for the agent to isolate external code from its own prompts.
  • Capability inventory: The skill uses the Read, Grep, and Bash tools to access and search the local filesystem (SKILL.md).
  • Sanitization: No explicit sanitization or filtering of audited content is defined in the instruction set.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:35 AM
Security Audit — agent-trust-hub — owasp-security