security-scan
Warn
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands and scripts, including the dynamic invocation of installation commands and a database script located at '.claude/skills/bazinga-db/scripts/bazinga_db.py'.
- [EXTERNAL_DOWNLOADS]: Automatically fetches and installs several third-party security tools (e.g., Bandit, Gosec, Brakeman, Semgrep) from well-known package registries if they are not detected on the host system.
- [DATA_EXFILTRATION]: Accesses an internal SQLite database at 'bazinga/bazinga.db' to retrieve session identifiers and record tool outputs, which involves reading local metadata about agent sessions.
- [PROMPT_INJECTION]: Incorporates raw output from security scanners into the agent's context without sanitization or boundary markers, creating a surface for indirect prompt injection.
- Ingestion points: bazinga/artifacts/{SESSION_ID}/skills/security_scan.json
- Boundary markers: Absent in the reporting instructions.
- Capability inventory: System shell access (Bash/PowerShell), package installation (pip, npm, go, gem), and database read/write access.
- Sanitization: None; external tool outputs are interpolated directly into the summary output.
Audit Metadata