sast-configuration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [External Downloads] (SAFE): The skill facilitates the installation of standard security tools such as
semgrepthrough the Python package manager andgh-codeqlvia the official GitHub CLI extension manager. These are trusted utilities commonly used in DevSecOps workflows.\n- [Command Execution] (SAFE): Examples of command-line usage are provided for environment setup (Docker), extension management (gh CLI), and script execution. These actions are appropriate for the skill's primary function of infrastructure configuration.\n- [Indirect Prompt Injection] (LOW): Due to its function of analyzing external source code and security reports, the skill possesses an inherent indirect injection surface.\n - Ingestion points: Source code repositories and SARIF/JSON scan results from tools like Semgrep and CodeQL.\n
- Boundary markers: Absent; instructions do not explicitly define delimiters for external tool output.\n
- Capability inventory: System command execution, package installation, and CI/CD integration capabilities.\n
- Sanitization: No explicit sanitization or content validation is mentioned for external inputs before processing.
Audit Metadata