ln-761-secret-scanner

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external security scanners such as gitleaks and trufflehog to perform its primary function of secret detection across the codebase.
  • [DATA_EXPOSURE]: The skill is designed to identify sensitive credentials including AWS keys, GitHub tokens, and private keys. It includes critical safety rules to ensure that discovered secrets are redacted and never logged or included in the final report, effectively managing the risk of data exposure.
  • [EXTERNAL_DOWNLOADS]: The skill includes a fallback mechanism to fetch configuration and reference files from the author's public GitHub repository (levnikolaevich/claude-code-skills) if they are missing from the local environment.
  • [PROMPT_INJECTION]: The skill acknowledges an indirect prompt injection surface as it processes untrusted content from the scanned codebase. It mitigates this by using structured tool outputs and implementing strict sanitization rules regarding the handling of discovered data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 10:01 PM