cc-skill-security-review
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, providing a structured approach for an agent to perform security reviews of codebases. It promotes industry-standard best practices such as OWASP recommendations.
- [CREDENTIALS_UNSAFE]: While the file contains examples of hardcoded API keys and passwords, these are explicitly used in a educational context as examples of insecure practices to avoid. They do not represent a functional security risk within the skill itself.
- [EXTERNAL_DOWNLOADS]: The documentation references standard tools such as npm and external security resources like OWASP and PortSwigger as part of a security workflow. The skill does not include any automated execution of remote scripts or unauthorized downloads.
Audit Metadata