compliance-scan
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/scan.pyscript executes local shell commands usingsubprocess.runto interact with Git (e.g.,git diff,git ls-files) and to run existing validation tests viapytestandbash. - [COMMAND_EXECUTION]: The
scripts/install-pre-push.shscript automates the creation of a Git hook in the.git/hooksdirectory. This hook is designed to trigger the scanner automatically during thegit pushworkflow. - [SAFE]: The tool includes an automated remediation feature that appends sensitive directories and file patterns (such as
.envandnotebooks/) to the project's.gitignorefile. - [SAFE]: All scanning logic is performed locally on the user's machine. The skill checks file contents against predefined regex patterns for credentials and PII without any external network communication.
Audit Metadata