deepsource
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the local
deepsourceCLI to interact with the vendor's platform. Commands likedeepsource issuesanddeepsource report-cardare used to fetch structured data for analysis. These operations are restricted to the tool's intended functionality. - [EXTERNAL_DOWNLOADS]: No unauthorized downloads or remote code execution patterns were detected. The skill references official vendor documentation and relies on the
deepsourceCLI, which is a legitimate tool provided by the vendor (DeepSourceCorp). - [SAFE]: No malicious patterns, such as hardcoded credentials, data exfiltration, or prompt injection, were found in the skill's instructions or the supporting shell script. The script
scripts/check_auth.shperforms standard authentication and installation checks using safe practices.
Audit Metadata