security-audit
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates bash scripts (
security-audit.shandgithub-security-audit.sh) that use standard system utilities like grep and jq, as well as the GitHub command-line interface. These tools are used to analyze source code and repository metadata for security flaws, which is a legitimate and expected function of an auditing skill. - [DATA_EXFILTRATION]: The auditing scripts perform read-only operations on local project files and GitHub API endpoints to assess security posture. No sensitive data is transferred to third-party domains or external entities.
- [PROMPT_INJECTION]: The skill instructions and reference materials do not contain any patterns intended to override agent behavior, bypass safety protocols, or manipulate system prompts. All instructional language is focused on security assessment methodologies.
- [REMOTE_CODE_EXECUTION]: There is no evidence of remote script execution, dynamic code loading from untrusted sources, or the installation of unverified runtime dependencies. The skill provides configuration guidance for well-known security scanners like semgrep and trivy, but does not execute them automatically.
Audit Metadata