github-actions-starter
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official GitHub Actions (e.g.,
actions/checkout,actions/setup-node) and well-known service actions (e.g.,docker/login-action,codecov/codecov-action). These are standard components for CI/CD pipelines and originate from trusted or well-known organizations. - [COMMAND_EXECUTION]: The skill provides examples of standard shell commands (e.g.,
npm test,npm ci,docker build) within Bash blocks. These commands are representative of typical build and test processes and are appropriate for the skill's instructional purpose. - [CREDENTIALS_UNSAFE]: The documentation correctly emphasizes the use of GitHub Secrets (e.g.,
${{ secrets.GITHUB_TOKEN }}) for handling sensitive information, avoiding the risk of hardcoded credentials.
Audit Metadata