DevOps Practices
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill acts as a legitimate documentation and template repository for deployment automation. No malicious instructions or hidden behaviors were detected.\n- [EXTERNAL_DOWNLOADS]: Refers to official GitHub Actions from trusted organizations such as 'actions', 'docker', and 'azure', as well as well-known services like 'codecov'. Docker images use official Alpine-based Node.js base images, which are considered safe sources.\n- [CREDENTIALS_UNSAFE]: Demonstrates secure practices for handling sensitive data by using CI/CD secret references (e.g., secrets.AZURE_CREDENTIALS) and placeholders rather than hardcoding actual secrets.\n- [COMMAND_EXECUTION]: Contains standard administrative and build commands (npm, docker, helm, terraform, kubectl) that are strictly aligned with the skill's primary purpose of DevOps orchestration.
Audit Metadata