Skills
skills/elastic/kibana/codeql/Gen Agent Trust Hub

codeql

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts (quick_check.sh, fetch_sarif.mjs) to perform CodeQL analysis and manage Docker environments.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves SARIF data from GitHub's API. This is a legitimate interaction with a well-known service for retrieving analysis results.
  • [CREDENTIALS_UNSAFE]: The skill utilizes a GITHUB_TOKEN for API authentication, which is correctly managed via environment variables.
  • [PROMPT_INJECTION]: The skill ingests external data (SARIF and alerts) from the GitHub API. Ingestion points: scripts/fetch_sarif.mjs fetches content from GitHub. Boundary markers: Absent. Capability inventory: Local command execution via Docker and Node.js. Sanitization: Standard JSON processing of API responses. Due to the trusted nature of the source repository, this ingestion is considered safe.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 02:19 PM