ci-cd-architecture

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a comprehensive guide for CI/CD architecture. It explicitly incorporates and recommends multiple security hardening techniques, including OIDC for cloud authentication to avoid long-lived secrets, job-level permission scoping, and pinning GitHub Actions to specific commit SHAs to prevent supply chain attacks.
  • [EXTERNAL_DOWNLOADS]: All external references and downloads mentioned in the documentation target well-known, trusted organizations and services. This includes official GitHub Actions from AWS (aws-actions), Google (google-github-actions), and Docker (docker/build-push-action), as well as security tools like Trivy (aquasecurity) and StepSecurity. These references are documented neutrally as part of the standard CI/CD workflow.
  • [COMMAND_EXECUTION]: The skill provides static examples of common build and deployment commands (e.g., docker build, bun install, pnpm test). These are educational templates and do not involve the execution of unauthorized or malicious code.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill actively guides users to prevent data exposure by using OIDC instead of hardcoded credentials and by configuring .dockerignore to exclude sensitive files like .env from container images.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 08:35 PM