security-express

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Data Exposure & Exfiltration] (SAFE): No sensitive data exposure or exfiltration patterns detected. Example hardcoded strings like 'keyboard cat' are for instructional purposes only.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external dependencies are downloaded or executed. The skill relies on ripgrep (rg) for local static analysis.
  • [Command Execution] (SAFE): The script 'scripts/scan.sh' executes ripgrep locally to scan source code. This command execution is the primary purpose of the skill and is restricted to file reading.
  • [Indirect Prompt Injection] (SAFE): The skill processes local source code as part of its audit function. 1. Ingestion points: Local directory files read by scripts/scan.sh. 2. Boundary markers: None. 3. Capability inventory: File read access via ripgrep. 4. Sanitization: None. This surface is inherent to the skill's purpose as a security scanner.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:14 PM