implementing-secrets-scanning-in-ci-cd

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes the gitleaks and trufflehog binaries via subprocess.run. The implementation passes list-based arguments without a shell, a secure practice that prevents shell command injection through the values it passes to the scanners.
  • [DATA_EXFILTRATION]: The skill is designed to handle sensitive data (leaked credentials). The scripts/agent.py script mitigates data exposure risks by implementing a redaction mechanism (redacted_secret) that only outputs a truncated version of each detected secret rather than the full value.
  • [SAFE]: The documentation references official repositories for gitleaks and trufflehog and standard GitHub API endpoints. All external references are well-known security tools or services.
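Added example, not the audited skill's scripts/agent.py (whose code is not shown on this page): the two patterns the findings above describe, written out in Python so they can be checked. It builds the gitleaks command as an argv list (assumed gitleaks v8 flags: detect --source, --report-format, --report-path, --exit-code), contrasts that with what a shell would do to the same path, and redacts findings parsed from a constructed report in the gitleaks JSON shape (assumed field names RuleID, File, StartLine, Match, Secret). The redact_secret function here is my own truncation rule, not the skill's redacted_secret. The same argv rule applies to the trufflehog invocation.

```python
# Added example: safe scanner invocation and secret redaction for a CI step.
# Assumptions (mine): gitleaks v8 CLI flags and JSON report field names; the
# sample report and the fake key value below are constructed.
import json
import os
import shlex
import subprocess
import sys


def build_gitleaks_argv(repo_path: str, report_path: str) -> list:
    """Build the gitleaks command as an argv list.

    No shell is involved, so metacharacters in repo_path (";", "$(...)",
    spaces) reach gitleaks as one literal argument. A path starting with
    "-" is rejected so it cannot be taken as a flag: argument injection is
    the one thing an argv list by itself does not prevent.
    """
    if repo_path.startswith("-"):
        raise ValueError("repository path must not start with '-'")
    return [
        "gitleaks", "detect",
        "--source", os.path.abspath(repo_path),
        "--report-format", "json",
        "--report-path", report_path,
        "--exit-code", "0",  # findings are read from the report, not the exit status
    ]


def naive_shell_tokens(repo_path: str) -> list:
    """Contrast only: the words a shell would see if the path were
    interpolated into a command string and run with shell=True. The path
    breaks into several words, and ";" / "$(...)" would be executed."""
    return shlex.split(f"gitleaks detect --source {repo_path}")


def run_argv(argv: list) -> subprocess.CompletedProcess:
    """Run a scanner without a shell; never raise on a non-zero exit,
    the caller decides what the exit status means."""
    return subprocess.run(argv, shell=False, capture_output=True, text=True, check=False)


def echo_literal(value: str) -> str:
    """Show that a hostile value passes through a child process unchanged.
    Uses the current interpreter so it runs without gitleaks installed."""
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", value]
    return run_argv(argv).stdout.rstrip("\n")


def redact_secret(secret: str, keep: int = 4) -> str:
    """Keep a short prefix for triage and mask the rest with a fixed-width
    marker, so the log leaks neither the value nor its length. Secrets too
    short for any prefix to be safe are masked entirely."""
    if len(secret) <= 2 * keep:
        return "****"
    return secret[:keep] + "****"


def load_findings(report_text: str) -> list:
    """Parse a gitleaks JSON report; an empty file means no findings."""
    return json.loads(report_text) if report_text.strip() else []


def redact_finding(finding: dict) -> dict:
    """Copy of a finding that is safe to print: the Secret field is
    truncated and its occurrence inside Match is replaced as well."""
    secret = finding.get("Secret", "")
    safe = dict(finding)
    safe["Secret"] = redact_secret(secret)
    if secret and "Match" in safe:
        safe["Match"] = safe["Match"].replace(secret, safe["Secret"])
    return safe


def summarize(findings: list) -> list:
    """One log line per finding, carrying only the redacted value."""
    return [
        f"{f.get('RuleID', '?')} {f.get('File', '?')}:{f.get('StartLine', '?')} "
        f"{redact_finding(f)['Secret']}"
        for f in findings
    ]


# Constructed sample report in the gitleaks JSON shape (fake key value).
SAMPLE_REPORT = json.dumps([{
    "Description": "AWS Access Key",
    "RuleID": "aws-access-token",
    "File": "config/prod.env",
    "StartLine": 12,
    "Match": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "Secret": "AKIAIOSFODNN7EXAMPLE",
}])


if __name__ == "__main__":
    hostile = "repo $(id) ; rm -rf tmp"
    print(build_gitleaks_argv(hostile, "report.json"))  # one argv element per value
    print(naive_shell_tokens(hostile))                   # the path split into six words
    print(echo_literal(hostile))                         # the path, unchanged
    for line in summarize(load_findings(SAMPLE_REPORT)):
        print(line)
```

Running it prints the argv list with the hostile path as a single element, the nine words a shell would have made of the same command string, the path echoed back unchanged by a child process, and a summary line in which only the first four characters of the constructed key survive. Two checks worth keeping in a real pipeline: reject or normalise scanner inputs that begin with "-", and redact before anything is written to CI logs or job annotations, since those are usually readable more widely than the repository itself.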
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 07:13 PM