secure-at-inception
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a legitimate security scanning workflow using vendor-provided Snyk tools for SAST, SCA, and IaC analysis. All external tool invocations are consistent with the vendor's intended functionality.
- [COMMAND_EXECUTION]: Uses the Bash tool to perform Git operations such as `git diff` and `git status` to identify modified files. This behavior is restricted to change detection and is necessary for the skill's core purpose.
- [DATA_EXFILTRATION]: Reports anonymized telemetry (counts of prevented issues) back to the vendor via the `snyk_send_feedback` tool. This is standard vendor functionality and does not involve the exfiltration of sensitive source code or credentials.
- [PROMPT_INJECTION]: As the skill processes user-generated or modified code, it handles a data ingestion surface for indirect prompt injection. However, the instructions focus on structured scanning and delta-filtering, which helps mitigate the risk of the agent obeying instructions embedded within the scanned files.
Audit Metadata