secrets-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): No malicious code or suspicious patterns detected. The skill contains documentation, configuration templates, and script examples for industry-standard secrets management tools.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references several third-party GitHub Actions and Docker images, including 'hashicorp/vault-action', 'aws-actions/configure-aws-credentials', and 'trufflesecurity/trufflehog'. These are well-known and reputable tools in the security and DevOps community.
- [CREDENTIALS_UNSAFE] (SAFE): While the code snippets contain strings like 'password=secret' or 'VAULT_TOKEN=root', these are clearly designated as example/default values for a local development environment ('vault server -dev') and do not represent hardcoded production credentials.
Audit Metadata