octopus-security-audit
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of an orchestration script (orchestrate.sh) to spawn personas and execute auditing tasks. This command execution is a standard functional component for agents in this environment.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection attack surface because it is designed to ingest and analyze untrusted source code and configurations.
  - Ingestion points: Codebase files, payment processing modules, and form handlers mentioned in the usage and example sections.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded natural language commands in the analyzed code are defined.
  - Capability inventory: The skill possesses capabilities for credential detection, vulnerability scanning, and command execution through its integrated personas.
  - Sanitization: No input sanitization or validation logic is specified for processing external data content.
Audit Metadata