siege
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches live security intelligence and vulnerability data from highly trusted organizations and well-known services, specifically OWASP (owasp.org) and CISA (cisa.gov).
- [COMMAND_EXECUTION]: Executes industry-standard auditing and development tools, including git, ripgrep (rg), npm audit, pip audit, cargo audit, and govulncheck, to analyze project structure and identify known vulnerabilities in dependencies.
- [DATA_EXFILTRATION]: Manages sensitive security data, including identified vulnerabilities and threat models, by storing them in a persistent directory outside of the project repository (~/.claude/projects/) and explicitly ensuring these files are added to .gitignore to prevent accidental exposure.
- [PROMPT_INJECTION]: Implements several defensive strategies to handle untrusted code analysis, including 'steel-man' synthesis to validate findings and a 'Fresh Attacker' agent designed to break epistemic closure and avoid common model biases when reviewing potentially malicious content.
Audit Metadata