github-actions-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and YAML patterns for GitHub Actions that align with industry security standards. There are no executable scripts or malicious commands included in the skill.
- [SAFE]: All external references target well-known and trusted organizations, including official GitHub actions (
actions/checkout,actions/setup-node,actions/cache), AWS (aws-actions/configure-aws-credentials), and Docker (docker/build-push-action). - [SAFE]: The guidance explicitly encourages secure secrets management, recommending GitHub Secrets and OIDC (OpenID Connect) over long-lived credentials, which is a security best practice.
- [SAFE]: The instructions include warnings against common security pitfalls, such as echoing secrets in logs and using overly broad permissions, further demonstrating a safety-focused design.
Audit Metadata