github-actions-templates
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill provides workflow templates that reference external GitHub Actions from trusted organizations like 'actions' (GitHub), 'aws-actions' (Amazon), and 'docker'. Although some security examples use the '@master' tag instead of a pinned version, this is standard in documentation and pertains to the user's CI/CD environment rather than the agent's execution context.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials or API keys were found. The templates correctly demonstrate the use of GitHub Secrets (e.g., '${{ secrets.GITHUB_TOKEN }}', '${{ secrets.AWS_ACCESS_KEY_ID }}') for secure credential management.
- [COMMAND_EXECUTION] (SAFE): The shell commands included in the templates (such as 'npm test', 'kubectl apply') are standard for automation workflows and are intended to be executed within the user's CI/CD pipeline, posing no direct risk to the agent's host environment.
Audit Metadata