license-scan-scancode
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of 'scancode-toolkit' via pip. Since the author organization is not included in the specific trusted GitHub organizations list, it is classified as an unverifiable dependency. Severity is reduced as it is the primary tool for the skill.
- [COMMAND_EXECUTION] (SAFE): The skill executes the 'scancode' CLI tool. This is expected behavior for its primary purpose of license auditing.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through analyzed codebases.
- Ingestion points: target-path (SKILL.md)
- Boundary markers: Absent
- Capability inventory: Subprocess execution of 'scancode' (SKILL.md)
- Sanitization: None detected.
Audit Metadata