secrets-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No attempts to override system instructions or bypass safety guardrails were detected. The content consists entirely of technical documentation and examples.
- [Data Exposure & Exfiltration] (SAFE): The skill contains example strings such as 'super-secret-password' and 'password=secret'. These are clearly identifiable as documentation placeholders and do not represent actual sensitive data or credentials. No code for exfiltrating data to external domains was found.
- [External Downloads] (SAFE): The skill references 'hashicorp/vault-action' and 'trufflesecurity/trufflehog'. HashiCorp is a verified trusted organization. TruffleHog is a standard security industry tool for secret scanning. These references are appropriate for the skill's stated purpose.
- [Command Execution] (SAFE): Command snippets (vault, aws, docker) are provided as static examples for implementation by the user. There is no automated or hidden execution of these commands within the skill structure.
Audit Metadata