Skills
skills/montimage/skills/devops-pipeline/Gen Agent Trust Hub

devops-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the pre-commit framework from the Python Package Index (PyPI) and configures it to fetch hook definitions from various GitHub repositories.
  • [COMMAND_EXECUTION]: Utilizes shell commands to analyze project structure (e.g., ls -la), perform Git operations (git fetch, git pull, git push), and execute the local quality pipeline using pre-commit run.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the execution of remote code in the form of pre-commit hooks and GitHub Actions. All referenced repositories (such as those from actions, astral-sh, and PyCQA) are well-known and standard in the DevOps community.
  • [DATA_EXPOSURE]: Includes a configuration for the detect-private-key hook in its templates, which is a security best practice designed to prevent the accidental exposure of sensitive credentials.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 7, 2026, 06:36 PM