ci-cd
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to fetch runner installation scripts and binaries from official, well-known repositories such as GitLab's package registry and GitHub's runner releases. These sources are considered safe and are documented neutrally.
- [COMMAND_EXECUTION]: Includes standard administrative shell commands (e.g., sudo, systemctl, apt-get) required for the legitimate configuration of infrastructure components like CI runners and system services.
- [PROMPT_INJECTION]: The skill involves processing untrusted repository data and CI event metadata (e.g., issue titles, PR descriptions). It explicitly documents security patterns to prevent expression injection within these pipelines, effectively teaching secure handling of untrusted input.
- [DATA_EXFILTRATION]: Specifically warns against the hardcoding of secrets and provides detailed strategies for using secure, platform-native secret management tools (e.g., GitHub/Forgejo Secrets, GitLab masked variables).
Audit Metadata