loom-ci-cd
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were detected. The skill serves as an educational resource for CI/CD pipeline implementation.
- [EXTERNAL_DOWNLOADS]: The examples reference official GitHub Actions and container images from well-known technology providers including Microsoft (Azure), Docker, SonarSource, Snyk, Aqua Security, and GitHub. These are standard, reputable sources for CI/CD infrastructure.
- [COMMAND_EXECUTION]: The skill includes numerous standard shell commands for building, testing, and deploying applications (e.g., `npm test`, `docker push`, `kubectl rollout`). All commands are contextually appropriate for the tasks described.
- [CREDENTIALS_UNSAFE]: The instructions and examples demonstrate proper secret management by utilizing platform-native vault mechanisms (e.g., `${{ secrets.GITHUB_TOKEN }}`) and environment variables instead of hardcoding sensitive information.
Audit Metadata