Skills
skills/ravinani02/opencode-agent-skills/sast-configuration/Gen Agent Trust Hub

sast-configuration

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references standard installations for 'semgrep' and 'gh-codeql'. While 'github' is a trusted source, the 'semgrep' tool is provided by an organization not on the whitelist, though it is well-known.
  • [COMMAND_EXECUTION] (LOW): The skill provides commands to run Docker containers and a local script 'run-sast.sh' for scan automation, involving local code execution.
  • [PROMPT_INJECTION] (LOW): The skill is subject to indirect prompt injection (Category 8) because its primary purpose is to analyze external codebases. 1. Ingestion points: Source code files processed by SAST tools. 2. Boundary markers: Not specified in the configuration examples. 3. Capability inventory: File system access and shell command execution via tools and 'run-sast.sh'. 4. Sanitization: Not explicitly implemented in the provided skill files.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:45 PM