security-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is a legitimate security auditor tool that identifies common vulnerabilities and secrets in codebases based on the OWASP Top 10 framework.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to executegrepsearches for security vulnerabilities and run local Python scripts. - [COMMAND_EXECUTION]: Executes
scripts/find_secrets.pyandscripts/security_audit.pyto identify credentials and generate audit reports. - [EXTERNAL_DOWNLOADS]: Recommends the use of official vulnerability scanners like
npm auditandpip-audit. - [DATA_EXFILTRATION]: Specifically scans for and identifies high-risk credentials including AWS and OpenAI keys within the local project environment for auditing purposes.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface. 1. Ingestion points: Codebase files read via
find_secrets.pyandgrepinstructions inSKILL.md. 2. Boundary markers: Absent. 3. Capability inventory:Bash,WebSearch, and file-writing viasecurity_audit.py. 4. Sanitization: None.
Audit Metadata