security-culture-index

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [SAFE]: The skill's primary function is to perform local security audits of codebase practices and CI/CD configurations. It provides a structured framework for assessing security maturity without introducing malicious payloads.
  • [COMMAND_EXECUTION]: The skill provides bash command examples for searching project files. These commands are localized to the current directory and are used for legitimate auditing purposes:
      • Searching for security tool configurations (e.g., Semgrep, Snyk, CodeQL) in CI workflows.
      • Identifying unpinned dependencies in requirement files.
  • [DATA_EXFILTRATION]: While the skill includes instructions to search for sensitive patterns such as 'password' or 'api_key' within '.env' or '.yaml' files, this behavior is documented as part of a local secret-leakage audit. The skill does not contain any network-enabled tools or commands to transmit discovered data to external servers.
  • [NO_CODE]: The skill consists entirely of markdown instructions and command-line snippets. No executable scripts, binaries, or external dependencies are included in the package.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 03:51 PM