sota-secrets-management
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill is strictly instructional and follows industry-standard best practices for secure software development and secrets management (e.g., OWASP, CIS).
- [EXTERNAL_DOWNLOADS]: The skill references well-known and reputable security tools such as gitleaks, trufflehog, and git-filter-repo. These are standard open-source tools for secret scanning and repository maintenance. Their use here is appropriate for the skill's auditing and remediation purpose.
- [COMMAND_EXECUTION]: The instructions involve the use of common CLI tools (grep, git, pip) for the purpose of identifying and fixing security vulnerabilities. The skill explicitly warns the agent against invoking discovered credentials against production services without permission.
- [PROMPT_INJECTION]: There are no patterns suggesting attempts to bypass safety filters or override system instructions. The guidelines are aligned with the agent's expected role as a secure development assistant.
Audit Metadata