secrets-management
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard security auditing tool designed to evaluate secrets management practices.
- [DATA_EXPOSURE]: The skill facilitates the discovery of sensitive files (e.g.,
.env,.key,.ssh) and defines regex patterns for detecting various credentials (e.g., AWS, GitHub, Slack). These features are used strictly for security assessment purposes and are coupled with explicit instructions to never log or display actual secret values. - [PROMPT_INJECTION]: To mitigate risks from processing untrusted data, the skill includes a specific 'Prompt Injection Safety Notice' instructing the agent to treat all file content as untrusted and ignore any embedded instructions.
- [EXTERNAL_DOWNLOADS]: References to external tools and documentation (Gitleaks, TruffleHog, OWASP, NIST) point to well-known and official repositories for informational use only.
Audit Metadata