emdash-github-actions
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures workflows to download official GitHub Actions (actions/checkout, actions/setup-node) and standard development dependencies from the npm registry (e.g., typescript, eslint, vitest). These resources are well-known and expected in CI/CD pipelines.
- [DATA_EXFILTRATION]: No exfiltration patterns were detected. The skill correctly guides the user to use GitHub Repository Secrets for sensitive information like npm tokens, ensuring they are not hardcoded or exposed.
- [COMMAND_EXECUTION]: Command execution is limited to standard software development tasks such as type-checking, linting, and testing. Commands such as 'tsc', 'eslint', and 'vitest' are used as intended for quality assurance.
- [SAFE]: The skill includes a dedicated security workflow that runs 'npm audit' to identify vulnerable dependencies, which is a proactive security measure.