code-security-audit
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell scripts (scripts/dep_audit.sh and scripts/dep_audit_java.sh) to execute external security scanners such as pip-audit, npm audit, govulncheck, and mvn. These tools are used for the legitimate purpose of identifying vulnerabilities in project dependencies as part of the audit process.
- [EXTERNAL_DOWNLOADS]: The auditing tools invoked by the skill connect to trusted package registries (e.g., NPM, PyPI) and vulnerability databases to fetch up-to-date security metadata.
- [SAFE]: The skill is a well-documented security framework. It includes comprehensive rules for vulnerability detection, examples of audit reports (e.g., for OWASP Juice Shop), and structured reporting templates. The hardcoded credentials found in the reference documentation are explicitly labeled as example findings from a vulnerable application and do not pose a security risk to the user's environment.
Audit Metadata