Automating with GitHub Actions
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's primary content consists of legitimate documentation and boilerplate templates for CI/CD automation.
- [EXTERNAL_DOWNLOADS]: The workflow examples reference official GitHub Actions (e.g., 'actions/checkout', 'actions/setup-node') and Docker Actions (e.g., 'docker/login-action') from trusted repositories and well-known services.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by using standard interpolation for secrets (e.g., '${{ secrets.DEPLOY_TOKEN }}') and explicitly warns against hardcoding secrets in its best practices section.
- [COMMAND_EXECUTION]: Templates include standard build, test, and deployment commands (e.g., 'npm ci', 'npm test', './deploy.sh') which are appropriate for the stated purpose of GitHub Actions automation.
Audit Metadata