security-scanning
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs security tools including Semgrep, OWASP dependency-check, Syft, Grype, and detect-secrets from official package registries and integrates official GitHub Actions for CI/CD workflows.
- [COMMAND_EXECUTION]: Executes security scanning CLI tools using the Bash tool to evaluate project source code, container images, and dependencies for vulnerabilities.
- [PROMPT_INJECTION]: The skill processes untrusted project data and manifest files, identifying an indirect prompt injection surface.
- Ingestion points: Reads all files and configuration manifests in the project directory for scanning.
- Boundary markers: No delimiters or boundary markers are used for the data being analyzed.
- Capability inventory: Employs the Bash tool for running security scans and the Write tool for generating results and reports.
- Sanitization: The skill relies on the internal parsing and validation mechanisms of the security tools themselves.
Audit Metadata