hybrid-ci
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill consists of documentation and GitHub Action templates for managing CI/CD pipelines. It follows industry standards for automating builds, tests, and releases in hybrid environments.
- [EXTERNAL_DOWNLOADS]: The workflow templates reference external GitHub Actions. These include vendor-owned resources (e.g., `codervisor/forge/actions/setup-workspace`, `codervisor/forge/actions/rust-cross-build`) and well-known community actions (e.g., `actions/checkout`, `actions/setup-node`, `dtolnay/rust-toolchain`, `Swatinem/rust-cache`). These are documented neutrally as standard project dependencies.
- [COMMAND_EXECUTION]: The templates provide instructions to execute common development commands such as `pnpm build`, `cargo test`, and local scripts (e.g., `pnpm tsx scripts/sync-versions.ts`). These executions are essential to the skill's purpose of defining CI/CD steps.
- [CREDENTIALS_UNSAFE]: The templates correctly utilize GitHub Secrets for sensitive information, such as `NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}`, adhering to security best practices for CI/CD secret management.
Audit Metadata