performing-security-audits

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes untrusted third-party code and configurations, which creates a surface for indirect prompt injection.
      • Ingestion points: Files processed by scripts/security_scan.sh and code provided for audits in SKILL.md.
      • Boundary markers: Not present.
      • Capability inventory: Broad shell access via Bash(cmd:*) tool permissions.
      • Sanitization: None implemented in the provided scripts.
  • [SAFE]: The file scripts/security_scan.sh is a benign Python script mislabeled with a .sh extension that performs basic file size reporting and JSON validation.
  • [SAFE]: The skill references several scripts and templates that are either not provided or serve as placeholders for security auditing tasks, with no evidence of malicious intent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 8, 2026, 06:57 PM