cve-validation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed for the legitimate purpose of validating CVE metadata and remediation availability using the Red Hat Lightspeed MCP server.
- [SAFE]: Implements strict input sanitization via regex (
^CVE-\d{4}-\d{4,7}$) to ensure user-provided CVE IDs conform to standard formats before being processed by MCP tools, effectively preventing injection attacks. - [SAFE]: Correctly identifies and utilizes required environment variables for service authentication without hardcoding sensitive credentials.
- [SAFE]: Directs the agent to consult authoritative documentation (e.g., vulnerability-logic.md, cvss-scoring.md) and perform prerequisite validation before execution, enhancing reliability and security context.
- [SAFE]: All external references and dependencies target trusted Red Hat domains and services, which are well-known technology providers.
Audit Metadata