managing-infra
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive templates that enforce security best practices, including the use of non-root users (`runAsNonRoot: true`), read-only root filesystems, and dropping Linux capabilities in Kubernetes manifests (`KUBERNETES.md`).
- [SAFE]: Instructions correctly recommend pinning GitHub Actions by commit SHA rather than floating tags to prevent supply chain attacks (`GITHUB-ACTIONS.md`).
- [CREDENTIALS_UNSAFE]: A sample Secret manifest in `KUBERNETES.md` includes a generic placeholder credential (postgres://user:pass@host/db). While this is a hardcoded credential pattern, it is clearly intended as an illustrative placeholder for documentation purposes.
- [SAFE]: The skill uses well-known and trusted base images (e.g., `gcr.io/distroless/static-debian12`, `python:3.14-slim`) and official GitHub Actions (e.g., `actions/checkout`, `docker/build-push-action`) within its provided templates.
- [SAFE]: Analysis of the provided shell commands (e.g., `kubectl apply`, `terraform plan`, `helm upgrade`) shows they are standard operations related to the skill's primary purpose of infrastructure management.