preview-environments-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard GitHub Actions (
actions/checkout,actions/setup-node,actions/github-script) and a popular community action (amondnet/vercel-action). These are expected in the context of CI/CD configuration. - [COMMAND_EXECUTION] (SAFE): Includes common shell commands for building and deploying applications (
npm ci,docker build,kubectl apply,psql). These are provided as templates for the user's infrastructure and do not represent arbitrary or hidden execution. - [CREDENTIALS_UNSAFE] (SAFE): Correctly utilizes GitHub Secrets (
${{ secrets.VERCEL_TOKEN }}, etc.) rather than hardcoding credentials. - [INDIRECT_PROMPT_INJECTION] (SAFE): While the workflows use dynamic data (PR numbers), they are used as identifiers in shell commands and configuration, which is standard practice in CI/CD and does not expose a significant injection surface for the agent itself.
Audit Metadata