compliance-scan

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/scan.py script executes local shell commands using subprocess.run to interact with Git (e.g., git diff, git ls-files) and to run existing validation tests via pytest and bash.
  • [COMMAND_EXECUTION]: The scripts/install-pre-push.sh script automates the creation of a Git hook in the .git/hooks directory. This hook is designed to trigger the scanner automatically during the git push workflow.
  • [SAFE]: The tool includes an automated remediation feature that appends sensitive directories and file patterns (such as .env and notebooks/) to the project's .gitignore file.
  • [SAFE]: All scanning logic is performed locally on the user's machine. The skill checks file contents against predefined regex patterns for credentials and PII without any external network communication.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 02:54 PM