sota-python
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill is entirely educational and instructional, focusing on promoting high-quality Python code and identifying security vulnerabilities in other codebases.
- [COMMAND_EXECUTION]: The skill includes many standard shell commands for development, linting, and security scanning (e.g., uv, ruff, bandit, pip-audit). These are used as intended for auditing and project management.
- [PROMPT_INJECTION]: No attempts to override agent behavior or safety filters were found. The mention of 'CRITICAL' or 'HIGH' severities refers to finding classifications for code audits, not an attempt to escalate privileges.
- [DATA_EXFILTRATION]: There are no network operations targeting suspicious domains. All external references are to well-known repositories like Astral (Ruff) and standard pre-commit hooks.
- [REMOTE_CODE_EXECUTION]: The skill specifically warns against dangerous patterns like pickle.loads or eval on untrusted data, demonstrating a strong security posture.
Audit Metadata