add-artifact-attestations-to-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill integrates official GitHub Actions from trusted sources including 'actions/attest-build-provenance' and 'docker/build-push-action' to handle build processes and security attestations.
- [COMMAND_EXECUTION]: It employs standard git commands such as 'git add' and 'git commit' to manage local configuration changes. These operations are restricted to the local repository context.
- [DATA_EXFILTRATION]: No patterns of sensitive data exposure were found. Registry authentication is handled using standard GitHub Actions secrets placeholders, which follow security best practices.
- [PROMPT_INJECTION]: The instructions provide clear, functional steps for the agent without any attempts to bypass safety protocols or override core instructions.
Audit Metadata