karpathy-supply-chain-hygiene

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill serves as a security best-practice guide and does not contain malicious code or unauthorized data access patterns.- [COMMAND_EXECUTION]: Lists legitimate security tools (e.g., pip-audit, npm audit) and provides Dockerfile templates for secure environment configuration as part of educational content.- [SAFE]: The skill includes prompt templates designed for the agent to analyze user-supplied data (dependency files). While this constitutes an ingestion surface for untrusted data, the skill's purpose is to identify risks within that data, which is an intended and defensive security function.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 02:12 AM