workflow-automation
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill defines several scripts intended for use with the
Bashtool to manage local project tasks. Thescripts/dev-setup.shscript automates the installation of dependencies, configuration of environment files, and orchestration of Docker services. Additionally, thepackage.jsonandMakefileinclude commands for file system cleanup usingrm -rf. - [REMOTE_CODE_EXECUTION]: The
scripts/deploy.shtemplate includes instructions for performing remote deployments usingssh. This capability allows the agent to execute a sequence of commands (such as pulling code and restarting services) on external staging or production servers, which represents a significant level of remote infrastructure access. - [EXTERNAL_DOWNLOADS]: The skill's workflow frequently utilizes
npm installandnpm cito fetch and install third-party dependencies from the public npm registry. It also references official GitHub Actions and third-party integrations, such ascodecov-action, for its CI/CD pipeline configuration. - [COMMAND_EXECUTION]: The provided scripts reference external dependencies, such as
scripts/wait-for-it.sh, which are not included in the skill's source files. These scripts would be executed during the environment setup phase.
Audit Metadata