sarif-parsing
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or safety bypass attempts were detected. The skill is authored by a reputable security organization (trailofbits) and contains legitimate technical guidance.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing standard, well-known security tools and libraries (e.g.,
jq,pysarif,sarif-tools,ijson,ajv-cli) from official package registries. These are standard dependencies for the skill's documented purpose. - [PROMPT_INJECTION]: The skill processes SARIF files which are externally generated and could potentially contain malicious findings designed to influence the agent (Indirect Prompt Injection surface). However, the skill treats this data structurally (JSON) and does not interpret findings as executable commands or system instructions.
- Ingestion points:
resources/sarif_helpers.py,SKILL.md(Strategy 1, 2, and 4) - Boundary markers: Not explicitly used in instructions, but structured parsing is employed
- Capability inventory: Shell execution (via Bash/jq), file read/write, and Python processing
- Sanitization: Relies on standard JSON parsing and schema validation without specific behavioral sanitization of finding messages
Audit Metadata