gitops-pipeline-developer
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard DevOps and CI/CD practices for automating release pipelines.
- [EXTERNAL_DOWNLOADS]: The skill fetches several well-known utility binaries during the pipeline setup stage, including 'cosign' from Sigstore's GitHub releases, 'grype' and 'syft' from Anchore's official installation scripts, and 'sonar-scanner' from SonarSource. These sources are established technology providers and are considered safe.
- [COMMAND_EXECUTION]: Shell commands used throughout the skill (e.g., git, skopeo, buildctl, yq) are standard for CI/CD tasks like building images, pushing to registries, and updating GitOps repositories.
- [REMOTE_CODE_EXECUTION]: The use of 'curl | sh' patterns for tool installation (specifically for Grype and Syft) is documented and targets official repositories from recognized security vendors.
Audit Metadata