deployment-pipeline-design
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides comprehensive CI/CD architectural guidance that actively promotes security integrations, such as Static Analysis Security Testing (SAST) using GitHub CodeQL and GitLab security templates.
- [SAFE]: Includes explicit instructions for secret management, warning against committing credentials and recommending the use of environment secrets or vault integrations.
- [EXTERNAL_DOWNLOADS]: References official GitHub Actions (e.g.,
actions/checkout@v4,actions/setup-node@v4) and Docker images from well-known sources (e.g.,postgres:15,node:20). These downloads are standard for CI/CD workflows and follow established industry patterns. - [COMMAND_EXECUTION]: Contains shell commands for building, testing, and deploying applications (e.g.,
npm ci,docker build,kubectl set image). These are appropriate for the skill's purpose as a CI/CD design tool and use placeholder syntax for sensitive deployment logic. - [PROMPT_INJECTION]: No prompt injection or behavior override patterns were detected in the instructions or metadata.
Audit Metadata