secure-github-actions
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands like grep, find, and git ls-files to audit repository content and workflow configurations. It also invokes external security scanners to identify vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill references well-known security tools (gitleaks, trufflehog, zizmor, gh) and provides installation commands via the Homebrew package manager. These tools are industry standards for security auditing.
- [SAFE]: The skill implements best practices for GitHub Actions security, including mandatory SHA pinning, least-privilege permissions, and prevention of shell injection by passing context variables through environment variables.
Audit Metadata