Skills
skills/levnikolaevich/claude-code-skills/ln-621-security-auditor/Gen Agent Trust Hub

ln-621-security-auditor

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill is configured to fetch missing reference documentation and configuration files from the author's public GitHub repository at https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/. This is used to maintain up-to-date audit definitions.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard security auditing commands, including npm audit, pip-audit, cargo audit, and dotnet list package --vulnerable. These operations are limited to identifying known vulnerabilities in project dependencies.
  • [PROMPT_INJECTION]: The skill is inherently susceptible to indirect prompt injection because its primary function involves reading and processing external codebases. If a codebase contains malicious instructions embedded in comments or strings, they could potentially influence the agent's behavior during the audit process.
  • Ingestion points: Codebase files are read using Read, Grep, Glob, and mcp__hex-line__read_file (defined in SKILL.md workflow steps 2 and 3).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when interpolating audited code into the report or context.
  • Capability inventory: The skill has access to Bash (for dependency audits) and performs file write operations to save the final report (defined in SKILL.md workflow step 6).
  • Sanitization: There is no explicit sanitization or validation of the ingested code content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 06:33 AM