github-standards

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a documentation-based guide for repository management standards and does not contain executable malicious code or instructions to bypass safety guidelines.
  • [DATA_EXFILTRATION]: The skill provides defensive measures against data exfiltration by including a shell command to scan staged files for secrets (API keys, private keys, database strings) and listing specific files that must never be committed (e.g., .env, .pem, .sqlite).
  • [EXTERNAL_DOWNLOADS]: Contains references to well-known developer tools and services such as GitHub Actions, pnpm, and Cargo. These are presented as best-practice examples for CI/CD pipelines. The skill explicitly recommends pinning third-party GitHub Actions to specific commit SHAs rather than tags to harden the software supply chain.
  • [COMMAND_EXECUTION]: Includes a recommended bash snippet for pre-commit secret scanning using git diff and grep. This command is designed to be run locally by the developer to identify and prevent the accidental leakage of sensitive credentials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 14, 2026, 12:20 PM