JFrog AppTrust
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides standard documentation and commands for interacting with JFrog AppTrust services. All operations described are consistent with the skill's stated purpose.
- [EXTERNAL_DOWNLOADS]: The skill references the JFrog CLI (
jf) and official documentation hosted onjfrog.com. Since these resources originate from the skill's author (JFrog), they are considered trusted vendor resources. - [COMMAND_EXECUTION]: Command usage is restricted to the JFrog CLI and
curlfor API interactions. These commands are used to manage application metadata, versions, and promotions within the user's own JFrog environment. - [CREDENTIALS_UNSAFE]: The skill uses environment variables (
$JFROG_ACCESS_TOKEN,$JFROG_URL) and the official CLI's configuration mechanism for authentication. No hardcoded secrets or unsafe credential handling practices were observed.
Audit Metadata