dependency-track-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official Docker images (PostgreSQL, Alpine, Maven, Node.js) and GitHub Actions from the official Dependency-Track organization. These are considered trusted external sources.
- [CREDENTIALS_UNSAFE] (LOW): The docker-compose-production.yaml file includes a default password 'changeme' as a fallback. While standard for templates, this is a minor best-practice violation.
- [COMMAND_EXECUTION] (SAFE): Bash scripts provided for SBOM uploading and security gate checks use standard system utilities like curl and jq to interact with the Dependency-Track API. They do not exhibit any dangerous dynamic execution patterns.
- [DATA_EXFILTRATION] (SAFE): Network operations are restricted to the primary purpose of the skill: communicating with a user-configured Dependency-Track instance to transmit SBOM data.
Audit Metadata