fortify-scsast

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE] (SAFE): The skill is strictly documentation-based, providing instructions and parameter schemas for external MCP tools.
  • [CREDENTIALS_SAFE] (SAFE): No hardcoded credentials were found. The documentation correctly instructs the user to handle authentication locally via a separate CLI tool and provides placeholders for sensitive information like tokens and URLs.
  • [COMMAND_EXECUTION] (SAFE): While the skill mentions bash commands, they are presented as examples for the user to run manually on their local machine for authentication purposes, not as scripts executed by the agent.
  • [EXTERNAL_DOWNLOADS] (SAFE): References to external documentation (Fortify/GitHub) are to well-known, trusted security tool repositories and documentation sites.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 21, 2026, 03:32 PM