vulnerability-scanner
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/security_scan.pyexecutes thenpm auditcommand viasubprocess.runto perform dependency vulnerability analysis. This is a legitimate administrative and security task consistent with the skill's primary purpose. - [DATA_EXFILTRATION]: The skill includes a secret scanner that identifies patterns like API keys, cloud credentials, and database connection strings in local files. No network operations or communication patterns were found that would transmit these discovered secrets externally; findings are restricted to the local execution context.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as
scripts/security_scan.pyingests untrusted content from project files into the agent's context for analysis. Ingestion points: External file reads inscripts/security_scan.py. Boundary markers: Absent in script output. Capability inventory: Subprocess execution fornpm auditand file read access inscripts/security_scan.py. Sanitization: Content is matched via regex and included in snippets without escaping or filtering. This represents a characteristic surface for analysis tools and does not escalate the verdict.
Audit Metadata