secure-code-review
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of markdown documentation providing advice on input validation, secrets management, and authentication. It does not include any executable scripts, tool calls, or automated actions.
- [PROMPT_INJECTION]: No instructions were found that attempt to override system prompts, bypass safety filters, or disclose internal configuration.
- [DATA_EXFILTRATION]: The skill does not contain any commands to access sensitive files (~/.ssh, .env) or perform network operations (curl, wget) to external domains.
- [REMOTE_CODE_EXECUTION]: There are no patterns for downloading external scripts or installing unverified packages. It explicitly recommends auditing dependencies using standard tools.
- [COMMAND_EXECUTION]: No shell commands, subprocess calls, or privilege escalation attempts (sudo, chmod) are present in the skill content.
Audit Metadata