codeql-database-building
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes standard build and analysis commands including `codeql`, `go build`, and `jq`.
  - These commands are required for the primary purpose of the skill (security analysis and database building).
  - The commands operate on the local codebase and do not exhibit malicious intent.
- EXTERNAL_DOWNLOADS (LOW): The skill downloads CodeQL query packs using the official `codeql pack download` command.
  - These packs (`codeql/go-queries`, `codeql/python-queries`, `codeql/javascript-queries`) are maintained by GitHub, a trusted source, which downgrades the severity per [TRUST-SCOPE-RULE].
  - The skill suggests installing `sarif-tools` via `pip`, which is a common utility for handling SARIF output.
Audit Metadata