Skills
skills/jeo-tech-ai/oh-my-unity3d/workflow-automation/Gen Agent Trust Hub

workflow-automation

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/deploy.sh file contains logic to execute commands on remote production and staging servers using SSH. While standard for deployment, this allows for arbitrary remote command execution.
  • [COMMAND_EXECUTION]: The package.json and Makefile files include destructive commands such as rm -rf dist node_modules which can lead to data loss if executed in the wrong directory.
  • [COMMAND_EXECUTION]: The skill uses docker and docker-compose to manage system containers, which typically requires elevated privileges.
  • [EXTERNAL_DOWNLOADS]: The automation scripts utilize npm install and npm ci to fetch and install external dependencies from the npm registry.
  • [REMOTE_CODE_EXECUTION]: The GitHub Actions workflow (ci.yml) uses external actions like codecov/codecov-action@v3. These are from well-known services but involve executing third-party code in the CI environment.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 9, 2026, 11:59 AM