security-compliance
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate security tool for threat modeling and compliance. It includes a script (scripts/secret_scan.py) that performs local file scanning to identify potentially hardcoded secrets.
- [COMMAND_EXECUTION]: The skill invokes a local Python script to scan the file system. The script is bundled with the skill, allowing for transparent review of its logic and ensuring no external binaries are called.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted content from the local directory. 1. Ingestion points: Files in the target directory scanned by scripts/secret_scan.py. 2. Boundary markers: Absent. 3. Capability inventory: File system read access. 4. Sanitization: Absent. The risk is considered low as the tool only performs regex matching to identify secrets and does not execute or interpret the file content.
Audit Metadata