deployment-checklist-generator
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): Inclusion of unverified third-party GitHub Action. The
deploy.ymltemplate usestrstringer/manual-approval@v1. This repository is not on the list of trusted GitHub sources and will be executed with access to the GITHUB_TOKEN environment. - COMMAND_EXECUTION (LOW): Templates for shell scripts and workflows. The skill generates content involving
curl,jq, and local script execution. These are standard for CI/CD but represent an execution surface that users must manage. - CREDENTIALS_UNSAFE (SAFE): Correct secret management. The skill avoids hardcoded secrets, using GitHub Actions secret syntax and generic placeholders for testing.
Audit Metadata