security-audit
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands via Python's
subprocess.runto execute security scanners and audit system configurations. Specifically,scripts/full_scan.pyandscripts/dependency_check.pyinvoke tools likebandit,semgrep,npm audit, andpip-audit. Additionally,references/server_hardening.mdprovides commands for managing system services and firewalls (e.g.,systemctl restart sshd,ufw status). These operations are necessary for the skill's primary function and use list-based arguments to mitigate injection risks. - [EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of several well-known security tools from official package registries (npm and PyPI). It also references
npx fix-react2shell-next, which downloads and executes a script from npm to remediate a specific vulnerability. These resources originate from well-known and trusted services. - [DATA_EXFILTRATION]: The skill is designed to access sensitive configuration files (e.g.,
/etc/ssh/sshd_config,/etc/shadow) and scan for hardcoded secrets within the project directory. To mitigate the risk of data exposure, the skill includes aredact_secretfunction inscripts/secrets_scan.pyand explicit instructions inSKILL.mdto only report the location and type of discovered credentials rather than their full plain-text values. - [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests and processes untrusted data from the project being scanned.
- Ingestion points: Reads source code, dependency manifests (package.json, requirements.txt), and system configuration files across all scanning scripts.
- Boundary markers:
SKILL.mdincludes clear authorization boundaries, instructing the agent to only audit authorized systems and refuse third-party scanning requests. - Capability inventory: The skill can execute shell commands, read/write files to a
security_report/directory, and utilize various security tools viasubprocess.run(found inscripts/full_scan.pyandscripts/dependency_check.py). - Sanitization: Discovered secrets are redacted before being included in generated reports to prevent accidental disclosure.
Audit Metadata