ci-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill templates reference several official GitHub Actions for CI/CD tasks. These include standard actions from GitHub (actions/checkout, actions/setup-node), Docker (docker/setup-buildx-action, docker/login-action, docker/metadata-action, docker/build-push-action), Google (googleapis/release-please-action), and Codecov (codecov/codecov-action). All referenced sources are well-known technology providers and trusted organizations.
- [COMMAND_EXECUTION]: The provided workflow templates include standard shell commands for development automation, such as Node.js dependency installation (npm ci) and GitHub CLI operations (gh pr create, gh pr review, gh pr merge). These executions are standard for CI/CD pipelines and are confined to the CI runner environment.
- [CREDENTIALS_UNSAFE]: The templates demonstrate the secure use of GitHub Actions secrets (e.g., GITHUB_TOKEN, SENTRY_AUTH_TOKEN, AUTO_MERGE_PAT) for authentication, following industry standards for managing sensitive credentials in automated workflows.
Audit Metadata