security-testing-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as an educational and reference resource for security professionals and developers. It provides well-documented patterns for common security testing tasks without any malicious intent.
  • [EXTERNAL_DOWNLOADS]: The skill references several well-known security tools and GitHub Actions from trusted organizations including GitHub, Snyk, OWASP, Aquasecurity, and Semgrep. These are documented for integration into security pipelines and follow industry best practices.
  • [COMMAND_EXECUTION]: Extensive documentation of command-line tools for reconnaissance (nmap, subfinder, amass) and vulnerability scanning (nikto, sqlmap, gobuster) is provided. These are intended for authorized security testing and are represented as static examples in reference documentation.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: While the skill includes scripts that search for sensitive data (e.g., in API responses), this is explicitly for the purpose of identifying 'Excessive Data Exposure' vulnerabilities (OWASP API3) during security audits. No actual exfiltration logic is present.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 05:13 PM