vulnerability-scanning
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Command Execution] (SAFE): The skill includes shell commands and a Node.js script that execute security scanning tools (npm audit, trivy, snyk, safety, bandit). These commands use static parameters and do not incorporate untrusted external input, which is safe for the skill's primary purpose of security auditing.
- [External Downloads] (SAFE): References established and trusted security tools and official GitHub Actions (Aquasecurity, Snyk). These dependencies are standard in modern development workflows and originate from reputable sources.
- [Data Exposure] (SAFE): The skill demonstrates the correct use of GitHub Secrets (e.g., ${{ secrets.SNYK_TOKEN }}) for managing sensitive credentials. No hardcoded secrets or access to sensitive local system files (like SSH keys) were found.
Audit Metadata