security-review
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected. The skill serves as an educational and procedural guide for security auditing.\n- [COMMAND_EXECUTION]: The skill recommends using standard command-line tools such as
git grep,fd,ast-grep, andbatto inspect source code for vulnerabilities. These tools are used for read-only analysis of the local repository and are appropriate for the skill's stated purpose.\n- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted codebase content, which inherently exposes the agent to potential indirect prompt injection if the code contains adversarial instructions.\n - Ingestion points: The agent reads file content and search results from the repository being audited (e.g., via
git grep,ast-grep,bat).\n - Boundary markers: The instructions do not specify explicit delimiters or markers to separate untrusted code content from the agent's analysis logic.\n
- Capability inventory: The skill leverages read-only repository tools including
git grep,ast-grep,fd, andbat.\n - Sanitization: No explicit sanitization or filtering of ingested content is prescribed; the skill relies on the agent's underlying safety filters and the auditor's review.
Audit Metadata