code-security
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or obfuscated content were detected in the skill's instructions or metadata.
- [EXTERNAL_DOWNLOADS]: The skill documentation suggests installation via `npx skills add semgrep/skills`, which points to a vendor-owned package registry from the official author.
- [NO_CODE]: The skill consists entirely of Markdown documentation and JSON metadata; it does not contain any executable scripts (e.g., Python, JavaScript) or binaries.
- [SAFE]: Hardcoded credentials found in the rule examples (such as AWS keys and Stripe tokens) are clearly identified as dummy placeholders or examples of vulnerable code for educational purposes and do not represent actual secrets.
Audit Metadata