promotion-pipeline

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses industry-standard tools (kubectl, flux, gh) for infrastructure management, with no evidence of malicious command injection or unauthorized access patterns.
  • [SAFE]: Sensitive operations, such as manual promotion, are instructed to use environment variables like $GITHUB_TOKEN rather than hardcoded secrets.
  • [SAFE]: External communication is restricted to trusted services including GitHub and GHCR for repository and artifact management.
  • [SAFE]: Analysis of the markdown content and metadata revealed no signs of obfuscation, persistence mechanisms, or prompt injection attempts.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 02:56 AM
Security Audit — agent-trust-hub — promotion-pipeline