sbom
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs legitimate software supply chain security tasks by generating SBOMs using Syft, a well-known industry tool for this purpose. No malicious instructions or safety bypasses were found.
- [EXTERNAL_DOWNLOADS]: License resolution involves querying metadata from well-known registries like crates.io, npm, and PyPI. These are recognized services and their use is integral to the skill's primary function.
- [COMMAND_EXECUTION]: The skill uses the mise task runner and the uv Python manager to run local scripts (e.g., resolve_licenses.py). These operations are standard for development environments and occur within the repository context.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No sensitive data exposure or unauthorized network exfiltration was detected. Network operations are limited to retrieving package metadata from official registries.
Audit Metadata