ci-cd-ops
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE NO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references numerous official GitHub Actions and CLI tools from trusted organizations, including AWS (aws-actions/configure-aws-credentials), Google (google-github-actions/auth), Microsoft (actions/checkout), and Cloudflare (npx wrangler). These are documented as standard components for building secure automation pipelines.
- [COMMAND_EXECUTION]: The skill requires access to Bash and Write tools to perform CI/CD operations such as running build scripts, executing tests, and managing releases. These capabilities are consistent with the skill's primary function.
- [DATA_EXFILTRATION]: The templates demonstrate best practices for handling sensitive data using GitHub Secrets and OIDC (OpenID Connect). The patterns include using short-lived tokens and masking sensitive output to prevent credential leakage.
- [PROMPT_INJECTION]: The skill defines patterns for workflows triggered by external events such as issue_comment and pull_request_target. These represent an attack surface for indirect prompt injection if external data is parsed without sanitization.
  - Ingestion points: Processes untrusted external data from PR descriptions and issue comments via the github.event context as documented in SKILL.md.
  - Boundary markers: The provided templates use standard YAML structural delimiters but do not include explicit instructions to the agent to ignore embedded commands in external data.
  - Capability inventory: The skill utilizes Bash and File Write permissions to execute CI/CD tasks.
  - Sanitization: Relies on the default environment variable isolation provided by the GitHub Actions runner environment.
- [NO_CODE]: The skill consists entirely of reference documentation and templates in markdown format. It does not contain any executable scripts or binaries that run automatically in the agent's environment.
Audit Metadata