security-and-trust-boundaries
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative language to guide the agent through security audits. These instructions are strictly defensive, aimed at improving code safety, and do not attempt to override system prompts or bypass AI safety guardrails.
- [DATA_EXFILTRATION]: No network operations or sensitive file access patterns were detected. The skill provides guidelines for secret management but does not include or request hardcoded credentials.
- [REMOTE_CODE_EXECUTION]: The skill does not download or execute remote code. It correctly identifies and warns against risky patterns in user code, such as shell execution and unsafe deserialization.
- [COMMAND_EXECUTION]: No command execution patterns were found. The skill contains documentation on how to safely use subprocesses in development but does not execute them itself.
- [SAFE]: The skill's primary purpose is education and auditing. It encourages the agent to notify users about security risks like hardcoded credentials and IDOR vulnerabilities, aligning with security best practices.
Audit Metadata