ci-cd-pipelines
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, prompt injections, or obfuscation techniques were identified. The skill acts as a legitimate technical guide for DevOps automation.
- [COMMAND_EXECUTION]: The skill contains numerous shell script examples for building, testing, and deploying applications (e.g.,
npm ci,docker build,kubectl set image). These are standard for CI/CD configuration files and are presented as templates for the user's own environment. - [EXTERNAL_DOWNLOADS]: References to external Docker images (e.g.,
semgrep/semgrep,aquasec/trivy,trufflesecurity/trufflehog) and standard package managers (npm,pip) are restricted to well-known, official, or reputable open-source security tools and registries. - [CREDENTIALS_UNSAFE]: The skill demonstrates best practices for secret management by showing how to use
withCredentialsin Jenkins or masked variables in GitLab. Placeholder credentials used in integration test examples (e.g.,POSTGRES_PASSWORD: secret) are generic and intended for local service containers in a test environment, not production systems.
Audit Metadata