sec-corp-governance
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists entirely of Markdown documentation and JSON metadata. There are no executable scripts (JavaScript, Python, or shell) included in the skill files.
- [EXTERNAL_DOWNLOADS] (LOW): The setup instructions reference external packages
octagon-mcpandskillsvianpx. While these are from a non-whitelisted source, they are documented dependencies for the intended functionality of the Octagon service. - [CREDENTIALS_UNSAFE] (SAFE): The skill provides instructions for configuring an API key using environment variables and placeholders (e.g.,
YOUR_API_KEY_HERE), which is a secure and standard practice. - [COMMAND_EXECUTION] (SAFE): The skill defines tool interactions with an MCP server but does not execute arbitrary shell commands or perform privilege escalation.
Audit Metadata