upstream-fix-and-pin
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill content is purely instructional and provides a methodology for development workflows without any malicious triggers or unsafe behaviors.
- [EXTERNAL_DOWNLOADS]: Describes pinning dependencies to specific commit SHAs on GitHub. This practice utilizes well-known infrastructure and enhances supply chain security by ensuring dependency code is immutable and verifiable.
- [COMMAND_EXECUTION]: References standard git commands for retrieving repository metadata. These operations are benign and typical for software version management in a development environment.
Audit Metadata