secrets-management
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely educational and focuses on industry-standard security practices for handling sensitive credentials. It does not contain any executable scripts, command lines, or automated tools that perform actions on the local system.
- [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines. The content is descriptive and follows a standard educational format.
- [DATA_EXFILTRATION]: No sensitive data exposure or exfiltration patterns detected. References to sensitive files like
.envare used exclusively to teach users how to properly secure or exclude them from version control. - [EXTERNAL_DOWNLOADS]: The skill contains informational links to reputable and trusted organizations, including OWASP, NIST, MITRE, and HashiCorp. These are used for grounding the skill in established security frameworks and do not involve executable code downloads.
- [COMMAND_EXECUTION]: The skill specifies
ReadandGrepin theallowed-toolssection, which are appropriate for its described purpose of identifying and analyzing secret-handling patterns in a codebase.
Audit Metadata