github-standards
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a documentation-based guide for repository management standards and does not contain executable malicious code or instructions to bypass safety guidelines.
- [DATA_EXFILTRATION]: The skill provides defensive measures against data exfiltration by including a shell command to scan staged files for secrets (API keys, private keys, database strings) and listing specific files that must never be committed (e.g., .env, .pem, .sqlite).
- [EXTERNAL_DOWNLOADS]: Contains references to well-known developer tools and services such as GitHub Actions, pnpm, and Cargo. These are presented as best-practice examples for CI/CD pipelines. The skill explicitly recommends pinning third-party GitHub Actions to specific commit SHAs rather than tags to harden the software supply chain.
- [COMMAND_EXECUTION]: Includes a recommended bash snippet for pre-commit secret scanning using git diff and grep. This command is designed to be run locally by the developer to identify and prevent the accidental leakage of sensitive credentials.
Audit Metadata