swain-security-check
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various security-related binaries including gitleaks, semgrep, osv-scanner, trivy, and the git CLI to perform project-wide security audits. These operations are essential to the skill's primary function and are implemented using best practices such as timeouts and argument lists to prevent shell injection.
- [EXTERNAL_DOWNLOADS]: The skill detects missing security scanner binaries and provides standardized installation instructions via system package managers (e.g., Homebrew, apt) or official registries. These references target well-known open-source security tools.
- [SAFE]: The built-in context-file scanner includes a large library of regex patterns used to detect malicious behaviors (prompt injection, exfiltration, persistence) in other files. These patterns are used defensively for auditing purposes and are not executed by the skill itself.
- [SAFE]: Repository hygiene logic safely scans for tracked sensitive files (like .env) using git commands to prevent accidental credential leakage in version control.