Skills
skills/trailofbits/skills/audit-augmentation/Gen Agent Trust Hub

audit-augmentation

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No security issues were identified in the skill instructions or code examples.
  • [EXTERNAL_DOWNLOADS]: The skill installs the trailmark package from a standard registry; this is a legitimate vendor tool for code graph analysis.
  • [COMMAND_EXECUTION]: The skill uses the trailmark CLI to process audit findings, which aligns with its primary documented purpose.
  • [PROMPT_INJECTION]: The skill processes external files (SARIF and weAudit), representing a surface for indirect prompt injection. 1. Ingestion points: augment_sarif and augment_weaudit in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: CLI command execution (uv run) in SKILL.md. 4. Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 09:07 PM