Skills
skills/marclelamy/skills/variant-analysis/Gen Agent Trust Hub

variant-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The command trailofbits:variants utilizes the Bash and Task tools to execute analysis scripts and search patterns. This functionality is essential for its purpose of performing automated security audits and variant hunting within a repository.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an inherent attack surface for indirect prompt injection because it reads and processes untrusted data from the analyzed codebase.
  • Ingestion points: Untrusted codebase files are ingested through the Read and Grep tools.
  • Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore potentially malicious instructions embedded in the analyzed code.
  • Capability inventory: The skill has access to powerful capabilities including Bash and Task tools for script execution.
  • Sanitization: No explicit sanitization or validation of the codebase content is performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 13, 2026, 11:16 AM
Security Audit — agent-trust-hub — variant-analysis