strands-spec
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical manual and best-practices guide for the strands-cli platform. It contains no executable code or malicious instructions.
- [SAFE]: The skill explicitly promotes security best practices, including guidance on SSRF protection via allowlists for network tools and PII redaction for telemetry.
- [SAFE]: Sensitive data management is addressed by instructing users to use environment variables or secret managers rather than hardcoding credentials.
- [SAFE]: All examples use standard placeholders for API keys and identifiers (e.g., 'sk-...', 'YOUR_API_KEY_HERE').
- [SAFE]: The mentioned 'python_exec' and 'http_request' tools are native capabilities of the documented strands-cli platform, and the skill provides appropriate security guardrails for their use.
Audit Metadata