agent-use

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The validation tool (scripts/validate_skill.py) uses subprocess.call to execute the --help command of scripts within the skill directory. This is used solely to verify that the scripts correctly implement a standard help interface and uses the local Python interpreter without shell execution.
  • [EXTERNAL_DOWNLOADS]: The web readiness probe (scripts/web_agent_readiness.py) makes network requests to user-provided URLs using the urllib library to check for agent-specific discovery files like llms.txt. These requests are targeted, non-obfuscated, and do not involve the exfiltration of sensitive local data.
  • [PROMPT_INJECTION]: The skill generates reports based on the analysis of repository files and web content. This presents a potential surface for indirect prompt injection if the scanned content contains instructions designed to mislead the agent. However, the risk is inherent to any auditing tool, and the skill performs basic sanitization and truncation of extracted snippets.
  • [SAFE]: No obfuscation, persistence mechanisms, or unauthorized credential access patterns were detected. The skill's architecture is transparent and follows security best practices for local development tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:28 PM
Security Audit — agent-trust-hub — agent-use