zz-code-recon
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): File
docs/advanced-techniques.mdcontains various shell command examples for tools likemitmproxy,semgrep,bandit, andtrufflehog. These are provided as instructional snippets for manual security audits and do not execute automatically or use untrusted input. - [EXTERNAL_DOWNLOADS] (SAFE): The documentation mentions using
curl,wget, and package managers (npm,pip) to gather API schemas or audit dependencies. These references are standard for a security audit toolkit and do not involve piped remote execution of untrusted scripts. - [NO_CODE] (SAFE): The skill consists entirely of Markdown files (
.md). There are no executable scripts (.py, .js, .sh) provided in the skill package that would be run by the AI agent's runtime environment. - [DATA_EXPOSURE] (SAFE): While the documentation describes how to search for secrets (e.g., using
grepfor 'api_key' or 'secret'), it does so as an instructional guide for auditors looking at target codebases, not as a mechanism to exfiltrate the agent's or user's own credentials.
Audit Metadata