sca-trivy

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS
COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the Trivy scanner from official and trusted sources, including well-known package managers (Homebrew, APT) and the official Docker Hub repository for Aqua Security.
  • [EXTERNAL_DOWNLOADS]: CI/CD integration examples use the official GitHub Action from the aquasecurity organization, which is a standard and trusted practice for automated security scanning.
  • [COMMAND_EXECUTION]: The skill utilizes command-line execution of the trivy tool to perform its primary functions, such as scanning container images, filesystems, and infrastructure-as-code (IaC) configurations.
  • [DATA_EXPOSURE]: The skill includes explicit security considerations regarding the handling of sensitive data, such as registry credentials and vulnerability reports, advising users to utilize environment variables or credential helpers rather than hardcoding secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 06:24 PM