security-audit

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands via Python's subprocess.run to execute security scanners and audit system configurations. Specifically, scripts/full_scan.py and scripts/dependency_check.py invoke tools like bandit, semgrep, npm audit, and pip-audit. Additionally, references/server_hardening.md provides commands for managing system services and firewalls (e.g., systemctl restart sshd, ufw status). These operations are necessary for the skill's primary function and use list-based arguments to mitigate injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of several well-known security tools from official package registries (npm and PyPI). It also references npx fix-react2shell-next, which downloads and executes a script from npm to remediate a specific vulnerability. These resources originate from well-known and trusted services.
  • [DATA_EXFILTRATION]: The skill is designed to access sensitive configuration files (e.g., /etc/ssh/sshd_config, /etc/shadow) and scan for hardcoded secrets within the project directory. To mitigate the risk of data exposure, the skill includes a redact_secret function in scripts/secrets_scan.py and explicit instructions in SKILL.md to only report the location and type of discovered credentials rather than their full plain-text values.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests and processes untrusted data from the project being scanned.
  • Ingestion points: Reads source code, dependency manifests (package.json, requirements.txt), and system configuration files across all scanning scripts.
  • Boundary markers: SKILL.md includes clear authorization boundaries, instructing the agent to only audit authorized systems and refuse third-party scanning requests.
  • Capability inventory: The skill can execute shell commands, read/write files to a security_report/ directory, and utilize various security tools via subprocess.run (found in scripts/full_scan.py and scripts/dependency_check.py).
  • Sanitization: Discovered secrets are redacted before being included in generated reports to prevent accidental disclosure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:12 AM
Security Audit — agent-trust-hub — security-audit