web-security
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill serves as an educational resource consisting of markdown files that outline defensive coding practices. No malicious instructions, obfuscation, or persistence mechanisms were found in any of the analyzed files.- [NO_CODE]: The skill does not contain any executable scripts (such as .py, .js, or .sh files). It relies entirely on markdown-based guidance and code snippets for the developer to implement, which significantly reduces the internal risk of the skill itself.- [SAFE]: While the skill contains common security exploit payloads (e.g., XSS and SQL injection strings), they are clearly labeled as manual testing inputs for security auditing purposes, adhering to the skill's defensive and educational mission.- [SAFE]: The external software and libraries mentioned (e.g., OWASP ZAP, wpscan, bandit, safety) are legitimate, well-known security tools recommended for vulnerability management and auditing.
Audit Metadata