secure
Pass
Audited by Gen Agent Trust Hub on Jul 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured guidelines and local utilities for performing security audits on user-provided codebases.
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (
scripts/project_scraper.pyandscripts/inventory_scan.py) to scan projects for capabilities and security patterns. These scripts are transparent and do not perform network requests or escalate privileges. - [DATA_EXFILTRATION]: No exfiltration vectors were identified. The included scripts process data locally and contain redaction logic to prevent the accidental exposure of discovered secrets in the output.
- [PROMPT_INJECTION]: The skill's instructions establish strict operational standards and output formats for security reviews without attempting to subvert the underlying agent's safety protocols.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted code, the workflow requires the agent to verify all findings against the original source code, mitigating risks from instructions embedded in the analyzed data.
Audit Metadata