code-security-auditor
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, providing a methodology for performing manual static analysis of software projects. It includes strong safety constraints, explicitly forbidding the execution of any analyzed code and instructing the agent to maintain a skeptical, 'security-first' posture.
- [INDIRECT_PROMPT_INJECTION]: The skill's primary function involves ingesting and processing untrusted external data (source code and configuration files). This creates a surface for indirect prompt injection where malicious instructions could be embedded in code comments or strings to deceive the auditor.
  - Ingestion points: Processes source code, dependency manifests (package.json, requirements.txt, etc.), and configuration files.
  - Boundary markers: Lacks specific technical delimiters for input isolation, but provides clear instructional boundaries ('DO NOT assume code is safe').
  - Capability inventory: Performs static analysis and text processing; explicitly prohibits code execution.
  - Sanitization: Relies on the agent's reasoning to distinguish between data and instructions during the audit process.
Audit Metadata