codeql
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill identifies and executes build system commands (e.g., `make`, `cmake`, `mvn`, `gradlew`) and project-specific build scripts discovered within the target codebase to trace compilation and create CodeQL databases.
- [COMMAND_EXECUTION]: The skill uses standard package managers (e.g., `pip`, `npm`, `go mod`, `cargo`) to install dependencies of the target project during the build phase to ensure high-quality extraction and analysis.
- [COMMAND_EXECUTION]: The skill dynamically generates and executes CodeQL queries (`.ql`) and suite configurations (`.qls`) at runtime to perform diagnostics and targeted security analysis based on the project's language and detected API patterns.
- [EXTERNAL_DOWNLOADS]: The skill fetches official CodeQL query packs and community security packs from GitHub Security Lab and Trail of Bits repositories using the `codeql pack download` command.
- [DATA_EXFILTRATION]: The skill reads project source files and internal metadata to map the application's attack surface (sources and sinks) for data flow modeling. All network operations are directed to well-known technology services (GitHub, package registries) for legitimate dependency and query management, with no evidence of unauthorized data transmission.
Audit Metadata