security-threat-model
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown instructions and templates, with no executable scripts, binaries, or configuration code.
- [SAFE]: The skill implements a senior-level security engineering workflow, focusing on evidence-based analysis and realistic threat modeling.
- [DATA_EXFILTRATION]: The instructions in
references/prompt-template.mdexplicitly mandate that the agent never output secrets and must redact any tokens, keys, or passwords discovered during its analysis. - [COMMAND_EXECUTION]: The skill recommends using the standard
ripgrep (rg)tool for codebase exploration, which is a benign and standard utility for repository analysis.
Audit Metadata