iac-security
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents standard practices for using trusted security scanners. All listed tools (Checkov, tfsec, Terrascan, KICS, kubesec, Trivy, Conftest) are reputable open-source projects.
- [EXTERNAL_DOWNLOADS]: The skill references downloads from trusted sources including GitHub (github.com/aquasecurity, github.com/bridgecrewio), Docker Hub (checkmarx/kics), and official package registries (pip, brew). These align with the [TRUST-SCOPE-RULE] as they target well-known organizations.
- [COMMAND_EXECUTION]: Shell commands provided are intended for local infrastructure scanning. Commands like `checkov -d .` or `tfsec .` are standard usage for these utilities.
- [REMOTE_CODE_EXECUTION]: While the skill mentions GitHub Actions and GitLab CI, these are common integrations for the stated purpose. The remote resources used in these examples (e.g., bridgecrewio/checkov-action) are official vendor-provided actions.
- [DATA_EXFILTRATION]: One curl command targets https://v2.kubesec.io/scan. This is the documented official API endpoint for the kubesec tool and is used as intended for remote manifest scanning.
Audit Metadata