production-checklist

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a legitimate developer utility for auditing codebases against industry standards like OWASP and PCI DSS. It operates locally using standard file manipulation tools (Glob, Grep, Read, Write).
  • [DATA_EXFILTRATION]: The instructions in SKILL.md Step 3 contain explicit privacy safeguards, mandating the redaction of any discovered secrets (e.g., API keys, tokens) before generating the final report to prevent accidental data exposure in the agent's output history.
  • [COMMAND_EXECUTION]: While the skill can modify code (Step 5), it is governed by strict safety rules requiring the agent to display proposed changes for user review and prohibiting automatic commits, ensuring human-in-the-loop control over project modifications.
  • [PROMPT_INJECTION]: No malicious prompt injection patterns were detected. The skill uses instructional language consistent with its role as a security scanner and includes directives to avoid leaking full secret values.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 06:02 AM