vulnerability-scanning
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows security best practices by recommending automated static and dynamic analysis. The content is purely instructional and relates directly to the stated purpose of vulnerability scanning.
- [COMMAND_EXECUTION]: The skill includes examples of command-line execution for security tools (npm audit, npx snyk, and docker). These commands are standard for CI/CD environments and do not contain malicious payloads or suspicious redirection.
- [EXTERNAL_DOWNLOADS]: The skill references well-known security services and repositories. It uses npx snyk (from Snyk) and aquasec/trivy (from Aqua Security). These are established technology providers, and their use is documented neutrally as part of a legitimate security workflow.
Audit Metadata