posture-workflows

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill instructions strictly enforce security standards for automation code, requiring the use of OIDC for identity management, explicit scoped permissions blocks, and full-length commit SHA pinning for all external actions to mitigate supply chain risks.
  • [EXTERNAL_DOWNLOADS]: The skill promotes the integration of reputable security tools such as Google's OSV-scanner and the Step-Security Harden Runner action to provide audit logs and vulnerability detection within CI/CD environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:12 PM