sarif-parsing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE (tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing and using well-known, legitimate tools and libraries for SARIF analysis, including jq, pysarif, sarif-tools, ijson, and jsonschema. All external references target reputable software registries or official documentation sites.
- [COMMAND_EXECUTION]: Numerous bash command examples are provided to facilitate CLI-based analysis of SARIF files using jq. These operations are consistent with the skill's stated purpose of parsing structured JSON security reports.
- [SAFE]: A detailed review of the provided Python helper scripts and markdown instructions revealed no security risks. The code demonstrates defensive programming practices, such as safe nested dictionary access, URL decoding for path normalization, and stable fingerprinting logic. There are no suspicious network operations or attempts to access sensitive system files.
Audit Metadata