security-secrets

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary purpose is security auditing and secret detection. It uses well-known regex patterns for identifying credentials (AWS, Google, GitHub, Stripe, etc.) and provides instructions for redaction and remediation.
  • [COMMAND_EXECUTION]: The provided shell scripts (scripts/scan-all.sh and scripts/scan.sh) execute local commands like rg (ripgrep), grep, and find to scan the local directory for secrets. This is the intended and documented behavior of a security scanning skill.
  • [REMOTE_CODE_EXECUTION]: The SKILL.md mentions external security scanners like gitleaks, semgrep, and trufflehog. These are standard industry tools for secret detection and are referenced as recommended CLI commands for the user to run manually.
  • [DATA_EXPOSURE]: While the skill scans for sensitive files (like .env, .pem, and credentials), it does so to report them to the user for remediation. There is no evidence of these secrets being exfiltrated or sent to any external network location.
  • [NO_CODE]: The skill includes local shell scripts for automation, but they operate locally on the user's filesystem without network access or obfuscation.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 09:17 AM