open-source-checker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Category 8: Indirect Prompt Injection (LOW): The skill is designed to analyze external data (codebases) for secrets. While this creates a theoretical surface for indirect prompt injection if an attacker embeds instructions in source code comments, the provided files only contain instructional text and no executable capabilities that could be exploited.
- Metadata Analysis (SAFE): The plugin metadata and skill description accurately reflect the purpose of the skill. No deceptive patterns or malicious instructions were found in the headers or version information.
- Capability Review (SAFE): No scripts, network operations, or file system modifications are present. The skill functions purely as a prompt-based advisor recommending industry-standard tools like gitleaks and truffleHog.