image-security-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): The skill is entirely instructional, providing guidance on how to use container security tools and implement hardening measures. No executable scripts, automated triggers, or malicious logic were detected.
- EXTERNAL_DOWNLOADS (LOW): The documentation mentions external security tools (Trivy, Grype, Snyk), but it does not provide automated installation scripts or download links from untrusted sources. It describes how to use these tools once they are present in the environment.
- CREDENTIALS_UNSAFE (SAFE): The skill demonstrates an example of a hardcoded API key, but it is explicitly labeled as a "Bad" practice and a vulnerability to be avoided, rather than being an actual credential exposure.