github-project-automation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill provides shell scripts (setup-github-project.sh, sync-templates.sh, generate-codeowners.sh) for automating repository configuration. These scripts perform standard file operations (cp, mv, mkdir) and execute local git/gh commands to manage the repository state.
- EXTERNAL_DOWNLOADS (SAFE): GitHub Action templates utilize official actions (e.g., actions/checkout, actions/setup-node) pinned to specific commit SHAs to prevent supply chain attacks via tag-shifting.
- DATA_EXFILTRATION (SAFE): No unauthorized data collection or exfiltration attempts were found. Network interactions are limited to standard health check placeholders and local GitHub API calls for configuration.
- PROMPT_INJECTION (SAFE): No instructions targeting agent behavior modification or safety filter bypasses were detected within the templates or scripts.
Audit Metadata