sast-configuration

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes instructions to install 'semgrep' via pip and 'gh-codeql' via the GitHub CLI extension manager, both of which are official tools for security analysis.
  • [EXTERNAL_DOWNLOADS]: CI/CD integration examples use official GitHub Actions (e.g., returntocorp/semgrep-action) and verified repositories.
  • [COMMAND_EXECUTION]: The skill provides standard command-line snippets for tool initialization and execution (e.g., codeql database create, docker run), which are standard for security tooling setup and consistent with the skill's purpose.
  • [SAFE]: No evidence of malicious intent, credential theft, obfuscation, or prompt injection was detected.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 11:42 PM