supply-chain-security

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • Reference Documentation: The skill consists exclusively of Markdown files that provide structured data and guidelines for security assessments. There are no scripts, binaries, or configuration files that execute logic within the agent environment.
  • Trusted External References: All external URLs point to official, well-known project sites and repositories for industry-standard security frameworks such as OpenSSF, SLSA, and Sigstore.
  • Assessment Protocol: The skill includes an assessment protocol (detect, classify, document, verify) designed to guide the agent through manual or automated repository analysis. While this involves reading repository data, the skill itself does not provide tools that could be used for data exfiltration or unauthorized command execution.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 08:55 AM
Security Audit — agent-trust-hub — supply-chain-security