security-review

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security risks were detected. The skill serves as an educational and procedural guide for security auditing.\n- [COMMAND_EXECUTION]: The skill recommends using standard command-line tools such as git grep, fd, ast-grep, and bat to inspect source code for vulnerabilities. These tools are used for read-only analysis of the local repository and are appropriate for the skill's stated purpose.\n- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted codebase content, which inherently exposes the agent to potential indirect prompt injection if the code contains adversarial instructions.\n
  • Ingestion points: The agent reads file content and search results from the repository being audited (e.g., via git grep, ast-grep, bat).\n
  • Boundary markers: The instructions do not specify explicit delimiters or markers to separate untrusted code content from the agent's analysis logic.\n
  • Capability inventory: The skill leverages read-only repository tools including git grep, ast-grep, fd, and bat.\n
  • Sanitization: No explicit sanitization or filtering of ingested content is prescribed; the skill relies on the agent's underlying safety filters and the auditor's review.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 05:23 AM
Security Audit — agent-trust-hub — security-review