skills/riz007/architect-os/aos-audit/Gen Agent Trust Hub

aos-audit

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides structured guidelines and code examples for performing security reviews. The instructions and references align with the stated purpose of identifying vulnerabilities such as improper authentication, missing input validation, and insecure file handling.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process and analyze user-provided source code. While the instructions are focused on reporting security findings, ingesting untrusted code from external sources (PRs, file uploads) constitutes an attack surface for indirect prompt injection. However, the skill does not possess high-risk capabilities like network access or arbitrary command execution that could be exploited via this vector.
      • Ingestion points: Reads user-selected source code files for audit.
      • Boundary markers: None explicitly defined in the prompt template.
      • Capability inventory: No subprocess execution, file writing, or network operations are defined.
      • Sanitization: None detected.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 11:23 AM