security-scan

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill defines a standard workflow for security auditing, using reputable tools and patterns to enhance code safety.
  • [COMMAND_EXECUTION]: The skill uses shell commands like git diff, grep, and cat to analyze local files. It also suggests running language-specific audit tools such as npm audit, pip-audit, and cargo audit. All executed commands are appropriate for the skill's purpose and operate on local data.
  • [EXTERNAL_DOWNLOADS]: References official security auditing tools and vulnerability databases (e.g., pip-audit, govulncheck). These are standard industry tools and their use in this context is secure and expected.
  • [PROMPT_INJECTION]: The skill processes project source code, which is an untrusted input surface (Indirect Prompt Injection), but the risk is minimal because the agent is instructed to use specific patterns and a structured reporting format.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 10:25 AM