testing-security
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of standard security command-line utilities, including OWASP ZAP, Nuclei, Semgrep, Bandit, Snyk, Trivy, detect-secrets, and TruffleHog, for their intended security-auditing purposes.
- [EXTERNAL_DOWNLOADS]: It references official Docker images from well-known sources, such as OWASP, and installation through standard package managers like pip to obtain security testing tools.
- [DATA_EXFILTRATION]: The skill describes legitimate interaction with well-known security services (e.g., Snyk API) for vulnerability reporting and project management, utilizing environment variables for secure authentication.
Audit Metadata