github-actions-author
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed to promote secure CI/CD practices. It explicitly instructs the agent to use minimal permissions (contents: read), pin action versions to SHAs for sensitive tasks, and avoid direct interpolation of untrusted data in shell scripts to prevent command injection within workflows.
- [SAFE]: Tool usage is limited to standard repository management utilities (git, gh, bun) through the allowed-tools configuration.
- [SAFE]: Network activity is restricted to querying official GitHub Action release information via the GitHub CLI, which is a common and safe practice for version management.
- [SAFE]: The instructions include a comprehensive security review checklist that the agent must apply to its output, covering areas like fork PR safety, secret exposure, and third-party action reputation.
- [SAFE]: All identified external references and author information (Ship Shit Dev) are consistent with the skill's stated purpose and follow safe vendor patterns.
Audit Metadata