security-auditor

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate security auditor tool that identifies common vulnerabilities and secrets in codebases based on the OWASP Top 10 framework.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute grep searches for security vulnerabilities and run local Python scripts.
  • [COMMAND_EXECUTION]: Executes scripts/find_secrets.py and scripts/security_audit.py to identify credentials and generate audit reports.
  • [EXTERNAL_DOWNLOADS]: Recommends the use of official vulnerability scanners like npm audit and pip-audit.
  • [DATA_EXFILTRATION]: Specifically scans for and identifies high-risk credentials including AWS and OpenAI keys within the local project environment for auditing purposes.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface. 1. Ingestion points: Codebase files read via find_secrets.py and grep instructions in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash, WebSearch, and file-writing via security_audit.py. 4. Sanitization: None.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 06:16 PM
Security Audit — agent-trust-hub — security-auditor