codeql
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation directs users to download the official CodeQL bundle from github.com/github/codeql-action/releases, which is a trusted and well-known source for the toolchain.
- [COMMAND_EXECUTION]: The skill provides instructions for standard CLI operations like database create and database analyze, which are legitimate and necessary for the tool's intended security scanning purpose.
- [CREDENTIALS_UNSAFE]: Mentions the standard use of GITHUB_TOKEN for secure authentication with GitHub's APIs; no hardcoded credentials or unauthorized data exfiltration patterns were observed.
Audit Metadata