promotion-pipeline
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses industry-standard tools (kubectl, flux, gh) for infrastructure management, with no evidence of malicious command injection or unauthorized access patterns.
- [SAFE]: Sensitive operations, such as manual promotion, are instructed to use environment variables like $GITHUB_TOKEN rather than hardcoded secrets.
- [SAFE]: External communication is restricted to trusted services including GitHub and GHCR for repository and artifact management.
- [SAFE]: Analysis of the markdown content and metadata revealed no signs of obfuscation, persistence mechanisms, or prompt injection attempts.
Audit Metadata