open-source-policy
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill implements and recommends security best practices, such as pinning GitHub Actions by commit hash (SHA) rather than mutable tags to prevent supply chain attacks.
- [EXTERNAL_DOWNLOADS]: Fetches trusted security tools and GitHub Actions from official sources including Sigstore, Anchore, FOSSA, and the SLSA framework.
- [COMMAND_EXECUTION]: Provides templates for standard repository management and build tasks using established tools like npm and the GitHub CLI (gh).
- [SAFE]: References to external documentation and policies are hosted on the author's official Hack23 GitHub organization, and no sensitive credentials or private data access were detected.