container-security
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill documents industry-standard security practices for container images. External downloads are limited to official binary releases from well-known GitHub organizations.
- [COMMAND_EXECUTION]: Provides standard commands for Azure CLI (az acr) and Trivy for infrastructure management and security auditing. These are consistent with the skill's stated purpose and follow best practices.
- [EXTERNAL_DOWNLOADS]: Fetches installation packages from GitHub's official release infrastructure. This is documented neutrally as part of a tool installation guide for components like k9s, yq, and argo-cd.
- [DATA_EXPOSURE_AND_EXFILTRATION]: While the skill involves credential management commands (e.g., az acr login), it correctly uses placeholders and does not leak any hardcoded secrets or environment variables.
Audit Metadata