repo-security-posture
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs read-only operations to audit GitHub repository security. It utilizes a Python script (`scripts/collect.py`) to fetch repository metadata, branch protections, and workflow files using the official GitHub API and raw content delivery network (CDN).
- [SAFE]: The collection script includes a robust redaction mechanism that uses regular expressions to identify and remove literal authentication tokens (e.g., `_authToken`, `ghp_`, `npm_`) from fetched files before they are processed by the agent, reducing the risk of accidental secret exposure.
- [SAFE]: Network operations are restricted to `api.github.com` and `raw.githubusercontent.com`. The script follows least-privilege principles by gracefully degrading when administrative tokens are not provided, marking inaccessible data as 'unverified' rather than attempting bypasses.
- [SAFE]: The skill instructions explicitly forbid automated changes to the target repository (e.g., running release jobs or modifying settings), ensuring it remains a non-intrusive diagnostic tool.
Audit Metadata