owasp-security-check
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- SAFE (SAFE): No malicious patterns detected. The entire skill consists of markdown-based security rules and documentation.
- NO_CODE (SAFE): The skill contains no executable scripts or configuration files that trigger automation. All code snippets are static examples within markdown blocks.
- CREDENTIALS_UNSAFE (SAFE): While the 'Bad Patterns' sections in files like
rules/secrets-management.mdandrules/cryptographic-failures.mdcontain hardcoded example keys (e.g., Stripe keys, admin passwords), these are for demonstration and are explicitly flagged as vulnerabilities. They do not represent an attempt to leak or use actual credentials. - COMMAND_EXECUTION (SAFE): Examples of dangerous commands (e.g.,
execSync) are provided in documentation to warn against their use. No actual command execution occurs within the skill's operational context.
Audit Metadata