AGENT LAB: SKILLS

gitlab-cicd-pipeline

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): In Example 1, the 'security-scan' job clones a third-party repository and executes a binary from it without any integrity checks.
      * Evidence: File SKILL.md contains 'git clone https://github.com/aquasecurity/trivy.git' followed by './trivy image'.
      * Risk: Downloads and executes code from a non-trusted external source (aquasecurity is not on the predefined trusted list).
  • [COMMAND_EXECUTION] (LOW): The skill provides numerous examples of command-line operations for automation tasks like Docker builds, Helm deployments, and Kubernetes management.
      * Evidence: Usage of 'docker', 'helm', 'kubectl', and 'gitlab-runner' across all pipeline and runner configuration examples.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 17, 2026, 04:59 PM