verify-security

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a security tool for local code analysis. It provides logic to detect hardcoded secrets (e.g., OpenAI, Anthropic, AWS, GitHub keys) and unpinned dependencies within a project.
  • [SAFE]: Analysis of file discovery and processing steps shows no data exfiltration or unauthorized network operations. The instructions explicitly state that analysis remains local and never leaves the machine.
  • [SAFE]: No obfuscation, prompt injection, or persistence mechanisms were identified. The metadata correctly describes the tool's functionality, and there are no hidden commands or encoded payloads.
  • [SAFE]: Indirect Prompt Injection risk is evaluated as minimal because the skill is restricted to read-only analysis and report generation. It does not utilize shell execution, network tools, or other high-privilege capabilities. The ingestion points are local source and configuration files (e.g., pyproject.toml, package.json), and the output is bounded by a structured report template.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 10:19 PM