security-django
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill includes a bash script (
scripts/scan.sh) that usesripgrep(rg) andfindto scan local project files for security patterns. All commands are restricted to local file system analysis and do not execute downloaded or untrusted content. - DATA_EXFILTRATION (SAFE): The script only performs local read operations for auditing purposes. There are no network calls or mechanisms to send the audited data to external servers.
- CREDENTIALS_UNSAFE (SAFE): While the documentation discusses
SECRET_KEY, it correctly identifies hardcoded keys as a risk and provides remediation guidance to use environment variables instead. No actual credentials are leaked by the skill itself. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes user-provided code (Django settings and views). While an attacker could theoretically embed malicious instructions in a code comment to influence the auditor, the skill's narrow focus on specific regex patterns and structured checklists provides a high level of resilience against such attacks.
Audit Metadata