asvs-audit
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE] (SAFE): The skill includes comprehensive 'Exclusions' and 'Sensitive files' lists, preventing the agent from reading potentially sensitive data like .env files, private keys, and cloud credentials. It also mandates the redaction of secrets from audit evidence.
- [COMMAND_EXECUTION] (SAFE): Terminal usage is restricted to standard analysis tools like grep and git for the purpose of path resolution and code searching within the target repository.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill relies entirely on local assets (CSV and markdown templates) bundled within its own workspace. There are no instructions to download or execute external scripts.
- [PROMPT_INJECTION] (SAFE): The directives are strictly focused on audit methodology and do not attempt to manipulate the AI agent's underlying safety filters or operational constraints.