code-security
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [SAFE]: The skill is a collection of educational markdown files providing security guidelines for 15+ programming languages and multiple infrastructure platforms (AWS, Azure, GCP, K8s, Docker).
- [SAFE]: All identified instances of dangerous patterns (such as
eval,exec, orsubprocess.run(shell=True)) are used exclusively as 'Incorrect' examples for teaching purposes and are explicitly labeled as vulnerabilities to avoid. - [SAFE]: Credential patterns identified in the documentation (e.g., AWS access keys and Stripe tokens) are non-functional placeholders used for demonstration and do not contain real secrets.
- [SAFE]: No obfuscation, data exfiltration mechanisms, or unauthorized command execution instructions were found.
- [SAFE]: The skill references standard installation commands for the platform (e.g.,
npx skills add) targeting a known and trusted vendor ('semgrep'), which is consistent with the skill's stated purpose.
Audit Metadata