security-audit
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions and reference documents provide legitimate guidance for security auditing, secret detection, and threat modeling.
- [COMMAND_EXECUTION]: Executes standard security tools such as gitleaks, semgrep, and trivy, as well as local git commands to analyze the codebase. These operations are conducted locally and are consistent with the skill's diagnostic purpose.
- [DATA_EXFILTRATION]: No network exfiltration or external data transmission behaviors were identified. The skill reads local project files and generates reports on the local filesystem.
- [PROMPT_INJECTION]: No instructions were found that attempt to override agent safety guidelines or system prompts. However, the skill presents an attack surface for indirect prompt injection because it ingests untrusted codebase files. Ingestion points: target project files read during analysis (SKILL.md). Boundary markers: none. Capability inventory: shell command execution and file writes. Sanitization: none. The risk is considered low because the tool's intended use is security assessment and includes verification steps.
- [SAFE]: All referenced tools and external patterns are consistent with the project's stated goal and author infrastructure.
Audit Metadata