static-application-security-testing
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill facilitates the use of reputable security tools including Semgrep, CodeQL, Bandit, and ESLint for vulnerability detection.
- [SAFE]: Examples of hardcoded credentials and security vulnerabilities are provided solely for documentation and illustrative purposes to demonstrate the output of the analysis tools.
- [PROMPT_INJECTION]: The skill processes untrusted source code as its primary input, which presents a surface for indirect prompt injection via code comments or strings. This is a characteristic of the SAST task itself rather than a malicious instruction within the skill.
  - Ingestion points: Local source code directories (e.g., /app) accessed by analysis tools.
  - Boundary markers: None specified to differentiate code content from agent instructions.
  - Capability inventory: Execution of CLI tools (semgrep, codeql, bandit, eslint) and generation of report files.
  - Sanitization: No sanitization or filtering of source code content is performed prior to analysis.
Audit Metadata