python-github-actions
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and YAML templates for GitHub Actions rather than executing any scripts or commands directly.
- [SAFE]: All external references target reputable and official sources, including the official GitHub Actions organization, the Python Packaging Authority (PyPA), and well-known tools from Astral (uv, ruff).
- [SAFE]: Promotes strong security posture by including integrated steps for vulnerability scanning with
pip-auditand static security analysis withbandit. - [SAFE]: Recommends modern security standards for CI/CD, specifically utilizing OpenID Connect (OIDC) through GitHub's 'Trusted Publishing' to release packages to PyPI without requiring hardcoded API keys or secrets.
Audit Metadata