github-ci

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is primarily instructional and provides guidance on setting up and maintaining GitHub Actions workflows with an emphasis on security best practices.
  • [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted external resources, such as official GitHub Actions (e.g., actions/checkout, actions/setup-node), official Docker images (pipelinecomponents/yamllint), and community-standard tools for testing and reporting (e.g., Codecov). These references are documented neutrally and align with the skill's primary purpose.
  • [COMMAND_EXECUTION]: The skill includes standard shell commands for local validation, runner configuration, and testing. These examples utilize well-known tools like Docker, Git, and various language-specific package managers (npm, pip, mvn). These commands are illustrative and do not represent a security risk within the context of the documentation.
  • [CREDENTIALS_UNSAFE]: The skill provides clear guidance on managing secrets using the secure secrets context in GitHub Actions. It correctly warns against echoing secrets directly in logs and recommends using environment variables for safer handling.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 10:49 AM
Security Audit — agent-trust-hub — github-ci