security-ownership-map
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected. The skill provides legitimate functionality for repository audit and security topography mapping without any identified malicious behavior.
- [COMMAND_EXECUTION]: The skill executes `git log` commands via `subprocess` to extract commit history. These calls use the list-based argument format and avoid `shell=True`, which is a secure practice to prevent shell injection vulnerabilities.
- [DATA_EXPOSURE]: The skill scans for sensitive file paths (e.g., auth, crypto, and secrets directories) and attributes them to authors via their name and email found in git history. This data is intended for local risk analysis and is stored exclusively in a user-defined local output directory; no evidence of network transmission or external data exposure was found.
- [EXTERNAL_DOWNLOADS]: The skill requires the `networkx` Python package for graph analysis. This is a well-known, legitimate library in the data science community. The skill does not attempt to download code from untrusted remote sources at runtime.
Audit Metadata