cicd-github-actions
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides examples utilizing official actions from trusted organizations including GitHub (`actions/*`), AWS (`aws-actions/*`), Google (`google-github-actions/*`), Docker (`docker/*`), and Azure (`azure/*`).
- [EXTERNAL_DOWNLOADS]: References community-maintained actions such as `softprops/action-gh-release`, `nick-fields/retry`, and `mxschmitt/action-tmate`. These are established tools in the GitHub Actions ecosystem and are presented as optional debugging or utility features.
- [COMMAND_EXECUTION]: Provides instructions for using `mxschmitt/action-tmate` to initiate interactive SSH sessions for troubleshooting. The skill mitigates potential persistence or unauthorized access risks by recommending the use of `if: failure()` and a strict `timeout-minutes` constraint.
- [DATA_EXFILTRATION]: Includes a debugging pattern to dump the GitHub context using `toJSON(github)`. This is a standard procedure for workflow development; however, it is documented alongside explicit instructions on using `::add-mask::` to prevent secret leakage in logs.
- [PROMPT_INJECTION]: No prompt injection or override patterns were detected. The skill maintains a purely informational and educational tone.
Audit Metadata