pull-request-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill primarily consists of documentation and configuration templates for CI/CD pipelines.
- [EXTERNAL_DOWNLOADS]: The workflow templates reference GitHub Actions from trusted organizations, including actions/checkout, actions/setup-node, and actions/github-script from GitHub, and codecov/codecov-action from Codecov.
- [SAFE]: A helper script (scripts/scaffold-tests.sh) is provided for local test scaffolding; it contains standard bash boilerplate and no malicious commands.
- [SAFE]: Secrets handling in the provided templates (e.g., ${{ secrets.CODECOV_TOKEN }}) follows standard security practices for managing sensitive credentials in CI/CD pipelines.
Audit Metadata