secrets-management

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is purely educational and focuses on industry-standard security practices for handling sensitive credentials. It does not contain any executable scripts, command lines, or automated tools that perform actions on the local system.
  • [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines. The content is descriptive and follows a standard educational format.
  • [DATA_EXFILTRATION]: No sensitive data exposure or exfiltration patterns detected. References to sensitive files like .env are used exclusively to teach users how to properly secure or exclude them from version control.
  • [EXTERNAL_DOWNLOADS]: The skill contains informational links to reputable and trusted organizations, including OWASP, NIST, MITRE, and HashiCorp. These are used for grounding the skill in established security frameworks and do not involve executable code downloads.
  • [COMMAND_EXECUTION]: The skill specifies Read and Grep in the allowed-tools section, which are appropriate for its described purpose of identifying and analyzing secret-handling patterns in a codebase.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 04:35 AM
Security Audit — agent-trust-hub — secrets-management