github-actions-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- **Category 2
- Data Exposure & Exfiltration (SAFE):** The skill demonstrates the correct use of GitHub Secrets (
${{ secrets.GITHUB_TOKEN }},${{ secrets.NPM_TOKEN }}) for managing credentials. It does not hardcode any sensitive information or attempt to access unauthorized files. - **Category 4
- Unverifiable Dependencies (SAFE):** While the workflow templates reference various third-party GitHub Actions (e.g.,
aquasecurity/trivy-action,ncipollo/release-action), these are standard tools within the GitHub Actions ecosystem and are used in a documentation context. The skill itself does not execute these dependencies. - **Category 8
- Indirect Prompt Injection (SAFE):** The skill serves as a guide for generating workflows. It does not ingest or process untrusted external data at runtime in a way that would expose the agent to injection attacks.
Audit Metadata