secrets-detector

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs the agent to install third-party security tools gitleaks and detect-secrets using system package managers like Homebrew and pip. These are reputable tools from trusted sources.
  • [COMMAND_EXECUTION] (LOW): The skill performs local filesystem scanning and git history searches to identify potential secrets. This is the primary function of the skill and involves standard command execution for security auditing.
  • [INDIRECT_PROMPT_INJECTION] (LOW): As a scanning tool, it processes untrusted local files. While this presents an injection surface, the risk is mitigated by the skill's specific purpose of reporting findings rather than executing code found within those files.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 16, 2026, 05:37 AM