github-project
Pass
Audited by Gen Agent Trust Hub on May 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on `gh` and `git` commands to manage repository state, fetch configuration, and automate pull request workflows. These operations are consistent with the skill's stated purpose of repository management.
- [EXTERNAL_DOWNLOADS]: The documentation includes references to established development tools like `actionlint` and `gh-aw` from official GitHub repositories. These are well-known sources used for repository linting and workflow hardening.
- [DATA_EXFILTRATION]: Analysis of the provided scripts and templates confirms that network operations are restricted to GitHub's official APIs and trusted developer service endpoints (e.g., Codecov, OpenSSF). There is no evidence of unauthorized data collection or exfiltration.
- [SAFE]: No malicious patterns, obfuscation, or persistence mechanisms were detected. The skill specifically includes documentation on how to prevent common security pitfalls like command injection in GitHub Actions and repository supply-chain attacks.
Audit Metadata