ci-cd
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security threats or malicious patterns were identified. The skill serves as an educational resource for DevOps automation using established patterns.
- [EXTERNAL_DOWNLOADS]: The skill references standard, well-known GitHub Actions and CLI utilities used in modern software development pipelines.
- Trusted Actions: Utilizes official actions from the
actions/anddocker/organizations (e.g.,checkout,setup-node,build-push-action). - Verified Services: Integrates with well-known services like Vercel, Slack, and Codecov using standard authentication methods.
- [CREDENTIALS_UNSAFE]: The skill explicitly warns against hardcoding credentials in the 'Anti-Patterns' section.
- Correctly advocates for the use of GitHub Secrets (
${{ secrets.VERCEL_TOKEN }}) for sensitive deployment keys. - Uses non-sensitive, local-only credentials for service container examples (e.g.,
postgres:postgres@localhost). - [COMMAND_EXECUTION]: All command execution patterns (
runsteps) are standard for CI/CD tasks, such as installing dependencies (npm ci), running tests, and invoking deployment CLIs.
Audit Metadata