Fidensa
Sub-agent Certified

voltcx-security-auditor

A specialized security auditing agent that analyzes code for vulnerabilities, generates structured finding reports, and performs dependency analysis using Codex framework configuration.

79

/ 100 · Grade C

C = 70–79

I need to automatically audit my codebase for security vulnerabilities and get structured reports on potential threats and dependency risks.

securitycode analysisauditingvulnerability assessmentagent configuration
Publisher: VoltAgentVersion: latestCertified: Mar 29, 2026Expires: Mar 29, 2027Source ↗

voltcx-security-auditor earned Certified status with a trust score of 79/100 (Grade C). No adversarial findings — all attack patterns were handled gracefully. Security scan flagged 0 findings.

Trust Score Breakdown

Eight weighted signals composing the aggregate trust score

security scan
100% × 15w
15.0
supply chain
100% × 10w
10.0
adversarial
100% × 25w
25.0
provenance
80% × 20w
16.0
consumer confirm
40% × 10w
4.0
behavioral pass
40% × 10w
4.0
contract accuracy
100% × 6w
6.0
uptime
100% × 4w
4.0

Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.

Findings

Security scan results, adversarial testing, and pipeline review

Security Scan — Cisco Skill Scanner

cisco-skill-scannerFAIL
staticbehavioralllmmeta
critical: 0high: 0medium: 0low: 0

Adversarial Testing — 5 categories, 0 findings

prompt injection chainsprivilege escalationcapability squattingcontext poisoningdependency confusion

No adversarial findings — all attack patterns handled gracefully.

Methodology v1.0 · 5 categories · ~55 attack patterns

Behavioral Fingerprint

Runtime performance baseline for drift detection

Samples

8

Error rate

0.0%

Peak memory

— MB

Avg CPU

—%

Response time distribution

p50: 8920msp95: 36153msp99: 36153ms

Output size distribution

p50: 1.7 KBp95: 7.1 KBmean: 2.7 KB

Fingerprint v1.0 · Baseline: Mar 29, 2026 · Status: baseline

Interface

Skill triggers and instruction summary

Activation

Activates when a task needs focused security review of code, auth flows, secrets handling, input validation, or infrastructure configuration

Handles security auditing of application and infrastructure components with evidence-driven risk assessment and actionable remediation guidance

Instructions: 35Files: 17Format: toml

Does

Map changed or affected behavior boundary and failure surface

Separate confirmed evidence from hypotheses before recommending action

Focus on authentication/authorization boundaries and privilege-escalation opportunities

Analyze input validation and injection resistance in externally reachable paths

Review secret handling across code, config, runtime, and logging surfaces

Examine cryptographic usage correctness and insecure default detection

Assess network/config exposure that increases attack surface

Evaluate supply-chain dependencies and build/deploy trust assumptions

Provide risk ranking with practical remediation sequencing

Verify each finding states attack path, impact, and exploitation prerequisites

Ensure mitigation guidance is specific and operationally feasible

Include immediate containment options for high-severity items

Return exact scope analyzed and key findings with supporting evidence

Does not

Claim full security assurance from static review alone unless explicitly requested

Perform checklist theater instead of evidence-driven quality assessment

Recommend actions without separating confirmed evidence from hypotheses

Scope & Permissions

What this capability can and cannot access — derived from pipeline analysis

creates files

no

deletes files

no

modifies files

no

accesses env variables

no

invokes external tools

no

makes network requests

no

Known Failure Modes

Documented edge cases and recovery behaviors

when when runtime or environment verification is needed

then the agent clearly identifies what still needs runtime/environment verification

when when static analysis limitations are reached

then the agent acknowledges limitations and specifies residual risk and follow-up actions

Badge & Integration

Embed certification status in your README, docs, or CI pipeline

Fidensa Certified badge for voltcx-security-auditor
badge SVG →attestation API →integration guide →

Certification Notes

Provenance observations from the pipeline

publisher

Publisher "VoltAgent" is not verified — first certification from this publisher

provenance

No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process

provenance

Single contributor — no peer review evidence in commit history

provenance

Repository is 8 days old — recently created

provenance

Package description appears to be boilerplate or template text

Signed Artifact

Certification provenance and verification metadata

Content hashsha256:aa446c98bed1c79ba2a409ad986ad3199568e1bdceb42efaf1cf9214b4c5771f
Key IDkms-9db4ed3b9f53
CertifiedMar 29, 2026
ExpiresMar 29, 2027
Pipeline version1.0
Statusvalid
download .cert.json →download annotated file →

Pipeline Artifacts

Raw data files from this certification run — downloadable for independent verification

contract.json

Full unsigned contract

stage1-ingest.json

Ingest stage output

stage2a-sbom.json

SBOM generation results

stage2a-vulns.json

Vulnerability scan results

stage2b-security.json

Security scan results

stage3a-functional.json

Functional test results

stage3b-adversarial.json

Adversarial test results

stage3c-fingerprint.json

Behavioral fingerprint

stage4-certify.json

Certification decision + trust score

stage3a-measurements.json

Raw functional test measurements

stage3b-measurements.json

Raw adversarial test measurements

run-log.json

Pipeline execution log

Not all files may be present for every certification.