skills/spiceai/skills/spice-secrets/Gen Agent Trust Hub

spice-secrets

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE
Full Analysis
  • Data Exposure & Exfiltration (SAFE): The skill provides YAML configuration examples for secret stores including environment variables, Kubernetes secrets, AWS Secrets Manager, and system keyrings. It correctly uses placeholders for configuration values and contains no hardcoded credentials or data exfiltration commands.
  • Indirect Prompt Injection (SAFE): While the skill teaches the agent how to access sensitive data stores, it does not include instructions that could be used to bypass safety filters or exfiltrate data through processed inputs.
  • Remote Code Execution (SAFE): No remote code execution patterns, external scripts, or package installations were identified in the skill content.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 06:37 AM