owasp-top-10
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE] (SAFE): No malicious behaviors, obfuscation, or exfiltration patterns were identified within the skill. The content is purely educational and provides secure coding examples.
- [FALSE_POSITIVE] (SAFE): The 'logger.info' alert from the automated scanner is a false positive; it identifies a standard Python logging method call within the text rather than an actual malicious URL.
- [DATA_EXPOSURE] (SAFE): Code snippets use standard placeholders such as 'SECRET_KEY' and 'SECRET' for cryptographic examples. No actual hardcoded secrets or sensitive system paths were found.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill demonstrates the use of Subresource Integrity (SRI) for external script loading, which is a recommended security control to prevent tampering of remote resources.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata