owasp-top-10-web
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard security auditing tool that uses static analysis to identify vulnerabilities. It does not perform any network operations, exfiltrate data, or execute untrusted code.
- [PROMPT_INJECTION]: The skill has an inherent surface for indirect prompt injection because it processes untrusted source code and configuration files. It mitigates this risk by including a 'Prompt Injection Safety Notice' (SKILL.md) that instructs the agent to treat all code content as data and ignore any embedded directives. This surface is necessary for its primary purpose of security auditing.
- [DATA_EXFILTRATION]: No network access or data exfiltration mechanisms were identified. The analysis is performed entirely within the local context of the provided project files using standard file-reading tools.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns or package installation commands were detected. The skill relies exclusively on static pattern matching using platform-provided tools (Read, Grep, Glob).
Audit Metadata