pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a structured CI/CD orchestration framework for managing software development workflows. All identified technical operations, such as shell command execution and subagent spawning, are strictly aligned with the documented purpose of coordinating a build pipeline.
- [COMMAND_EXECUTION]: The skill executes standard shell commands for git operations (worktree, push, merge), testing tools (cargo-mutants, playwright), and network utilities (curl, wget). these tools are used as expected for operational tasks like checking CI status, running test suites, and pushing code to the project's remote repositories.
- [EXTERNAL_DOWNLOADS]: Installation instructions reference 'npx skills add jwilger/agent-skills', which is a vendor-owned resource for managing skill dependencies. This is a standard practice for extending agent capabilities within this development ecosystem.
- [REMOTE_CODE_EXECUTION]: The skill coordinates complex tasks by spawning subagents via the Agent() function to handle specific roles like TDD pairing and code review. This delegation is a core architectural feature and uses scoped context to prevent uncontrolled or unintended execution.
- [DATA_EXFILTRATION]: The skill processes project source files, event models, and CI results to provide context for implementation agents. While it performs network operations such as 'git push', these are directed at the project's own infrastructure for the intended purpose of code integration.
Audit Metadata