codeql
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate instructions for configuring CodeQL analysis. It follows official documentation and security best practices for GitHub Actions.
- [EXTERNAL_DOWNLOADS]: References to external downloads are limited to official GitHub release pages (github.com/github/codeql-action/releases) for the CodeQL bundle. These are well-known, trusted sources.
- [CREDENTIALS_UNSAFE]: The instructions correctly use environment variables (GITHUB_TOKEN) and GitHub secrets for authentication, avoiding hardcoded credentials.
- [COMMAND_EXECUTION]: Command examples provided (such as 'codeql database create' and 'tar xf') are standard administrative and operational tasks required for tool installation and execution.
- [PROMPT_INJECTION]: There are no detected prompt injection patterns. Terms like 'CRITICAL' and 'IMPORTANT' are used appropriately within the context of security alert severity levels and configuration steps.
Audit Metadata