add-artifact-attestations-to-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references several well-known GitHub Actions to perform container registry logins, image building, and attestation creation.
      • Evidence: docker/login-action@v3, docker/build-push-action@v5, and actions/attest-build-provenance@v3 are used.
  • [COMMAND_EXECUTION]: The skill uses local git commands to stage and commit the modified workflow files.
      • Evidence: Executes git add and git commit --signoff.
  • [PROMPT_INJECTION]: The skill processes existing workflow files from the repository to identify insertion points for new steps. This is a common pattern for developer-focused skills.
      • Ingestion points: Reads YAML files from .github/workflows/.
      • Boundary markers: None specifically defined for the reading process.
      • Capability inventory: Modifies local files and executes git commands.
      • Sanitization: Not applicable as it performs structured YAML modifications based on the user's existing CI/CD logic.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 02:04 AM