tech-debt-tracker

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded dummy credentials and database connection strings are present in the provided sample codebase for testing and demonstration purposes.
      • Evidence in assets/sample_codebase/src/user_service.py: DATABASE_URL = "postgresql://user:password123@localhost:5432/mydb" and API_KEY = "sk-1234567890abcdef".
      • Evidence in assets/sample_codebase/src/payment_processor.py: self.stripe_key = "sk_test_1234567890", self.paypal_key = "paypal_secret_key_here", and self.square_key = "square_api_key".
      • Evidence in assets/sample_codebase/src/frontend.js: const API_KEY = "abc123def456";.
      • Note: These findings are located within a folder named sample_codebase, which is explicitly documented as a testing asset for the debt scanner.
  • [EXTERNAL_DOWNLOADS]: The payment_processor.py script in the sample codebase uses the requests library to simulate interactions with external payment providers (Stripe, Square, and PayPal).
  • [SAFE]: The primary logic and tool scripts (debt_scanner.py, debt_prioritizer.py, and debt_dashboard.py) use standard Python libraries to perform static analysis and generate reports without executing untrusted code or exfiltrating data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 1, 2026, 01:08 AM