github-configure-ci-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the JFrog CLI and related configuration files from the official vendor domain (jfrog.io) and the official GitHub repository (jfrog/setup-jfrog-cli).
- [REMOTE_CODE_EXECUTION]: Includes instructions for a fallback installation method that pipes a script fetched from the vendor's official domain (install-cli.jfrog.io) directly to a shell. This is the vendor's documented distribution method, but it executes whatever the endpoint serves at that moment with no integrity check on the runner, so the pinned jfrog/setup-jfrog-cli action remains the preferred path and the fallback should be reserved for cases where the action is unavailable.
- [COMMAND_EXECUTION]: Uses common shell and git commands such as git clone, checkout, and push to modify workflow files, alongside filesystem operations like mktemp and mv for environment setup.
- [CREDENTIALS_UNSAFE]: Provides clear guidance on supplying authentication through a GitHub Secret (JF_ACCESS_TOKEN) and a repository Variable (JF_URL) rather than hardcoding credentials in workflow files, in line with CI/CD best practice; the token never appears in the committed YAML and the non-secret platform URL is kept in a Variable where it can be inspected.
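The following workflow is an added illustration of the credential handling the audit describes; it is not code from the audited skill or from JFrog. The action name (jfrog/setup-jfrog-cli) and the names JF_URL and JF_ACCESS_TOKEN are taken from the analysis above; the `@v4` tag, the job and step names, the trigger, and the `jf rt ping` check are assumptions made for the example.

```yaml
# Added example (not from the audited skill or the vendor): a minimal GitHub
# Actions workflow that authenticates the JFrog CLI from a repository Secret
# and a repository Variable instead of hardcoding credentials.
# Assumptions: the @v4 tag, job/step names, trigger and `jf rt ping` check.
name: jfrog-ci

on:
  push:
    branches: [main]

# Least privilege for the default GITHUB_TOKEN: this job only reads the checkout.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Set up JFrog CLI
        # Prefer pinning to a full commit SHA rather than a moving tag so the
        # downloaded action code cannot change underneath the workflow.
        uses: jfrog/setup-jfrog-cli@v4
        env:
          # Repository Variable: the platform URL is not secret, so it lives in vars
          # and stays visible in the repository settings.
          JF_URL: ${{ vars.JF_URL }}
          # Repository Secret: the access token is injected at run time and is
          # never written into the committed workflow file.
          JF_ACCESS_TOKEN: ${{ secrets.JF_ACCESS_TOKEN }}

      - name: Verify authentication
        # Confirms the CLI can reach and authenticate to the configured instance
        # before any build or publish step runs.
        run: jf rt ping
```

Both values are passed as environment variables on the setup step only, so later steps in the job do not receive the token unless they are given it explicitly. If the pipe-to-shell fallback from install-cli.jfrog.io must be used instead of the action, download the script to a file and review it before executing it, since the pipeline otherwise runs unverified code on the runner.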
Audit Metadata