ci-cd-integration
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues were identified during the analysis. The skill focuses on providing best practices and copy-paste templates for GitHub Actions and GitLab CI.
- [EXTERNAL_DOWNLOADS]: The skill references several third-party GitHub Actions (e.g.,
dorny/test-reporter,marocchino/sticky-pull-request-comment,slackapi/slack-github-action). These are well-known community actions used for reporting and notification within CI/CD environments and do not represent a security risk in the context of these templates. - [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential management by using GitHub Secrets (e.g.,
${{ secrets.TEST_USER_EMAIL }}) and explicitly warns against hardcoding secrets in workflow files. - [COMMAND_EXECUTION]: Shell commands provided in the templates (e.g.,
npm ci,npx playwright test) are standard operations for building and testing Node.js applications and are intended for execution within the user's isolated CI/CD runner environments.
Audit Metadata