skills/ilteoood/skills/codeql/Gen Agent Trust Hub

codeql

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE, NO_CODE
Full Analysis
  • [SAFE]: The skill is a legitimate collection of documentation and templates for CodeQL integration. No malicious instructions, obfuscation, or safety guideline bypasses were found.
  • [NO_CODE]: This skill contains no executable scripts (such as .py, .js, or .sh files), consisting entirely of Markdown reference material.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading the CodeQL CLI bundle from the official GitHub releases repository. This is a well-known service, and the download is documented neutrally as a standard setup step.
  • [COMMAND_EXECUTION]: Provides procedural shell command templates and GitHub Actions workflow configuration required for creating databases and performing analysis, consistent with standard development workflows.
  • [CREDENTIALS_UNSAFE]: The instructions recommend using environment variables (e.g., GITHUB_TOKEN) for authentication, which is the standard secure method for CI/CD environments; no hardcoded secrets or sensitive configuration file paths are exposed.
Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 01:16 PM
Security Audit — agent-trust-hub — codeql