github-actions
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides extensive documentation on security hardening, specifically identifying risks like command injection, hardcoded secrets, and over-privileged tokens.
- [SAFE]: All external actions referenced in the templates are from established, trusted organizations such as GitHub, Superfly, and Heroku.
- [SAFE]: The skill provides an evaluation framework that scores workflows based on security best practices, encouraging users to adopt safe coding standards.
- [SAFE]: The use of the 'mxschmitt/action-tmate' action for SSH debugging is presented within a troubleshooting context with appropriate conditional execution ('if: failure()').
Audit Metadata