setup-ci
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious patterns detected; the skill uses clear instructional language to manage its workflow without attempting to bypass safety protocols.
- [DATA_EXFILTRATION]: No exfiltration risks were identified. The skill provides templates that handle sensitive information (like SSH keys) securely by writing them directly to files within the runner and ensuring mandatory cleanup via always() steps.
- [REMOTE_CODE_EXECUTION]: External GitHub Actions are pinned to specific commit SHAs rather than mutable tags, providing protection against supply-chain attacks.
- [COMMAND_EXECUTION]: Shell command usage via allowed tools is scoped to the skill's purpose and incorporates permissions hardening.
- [SAFE]: The skill proactively implements industry-standard security measures for automated deployment environments.
Audit Metadata