python-github-actions

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and YAML templates for GitHub Actions rather than executing any scripts or commands directly.
  • [SAFE]: All external references target reputable and official sources, including the official GitHub Actions organization, the Python Packaging Authority (PyPA), and well-known tools from Astral (uv, ruff).
  • [SAFE]: Promotes strong security posture by including integrated steps for vulnerability scanning with pip-audit and static security analysis with bandit.
  • [SAFE]: Recommends modern security standards for CI/CD, specifically utilizing OpenID Connect (OIDC) through GitHub's 'Trusted Publishing' to release packages to PyPI without requiring hardcoded API keys or secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — python-github-actions