python-security
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a defensive resource providing security guidelines. It contains no malicious logic or hidden functions.
- [REMOTE_CODE_EXECUTION]: Automated alerts regarding RCE and code injection are confirmed false positives.
  - Evidence: Scanner patterns misinterpreted markdown table separators (|) and checklist text (e.g., "Verify no use of eval()") in SKILL.md and references/security-checklist.md.
  - Evidence: Vulnerable code snippets are clearly presented as anti-patterns for educational contrast with secure remediation examples.
- [COMMAND_EXECUTION]: The skill includes shell command examples for industry-standard security auditing tools.
  - Evidence: Instructions provide CLI examples for installing and running bandit, semgrep, pip-audit, and safety.
- [EXTERNAL_DOWNLOADS]: References and instructions target well-known security tools and official package registries.
  - Evidence: Mentions standard security tools such as trivy, bandit, and semgrep.
- [PROMPT_INJECTION]: No prompt injection or behavior override patterns were detected within the instructional content.
- [DATA_EXFILTRATION]: No exfiltration logic or network-send patterns for sensitive data were found. The skill specifically guides users to avoid hardcoding secrets and to use secure vault managers.
Audit Metadata