devops-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured guidance and templates for senior DevOps engineers. All provided code snippets for infrastructure as code (Terraform), container orchestration (Kubernetes), and CI/CD (GitHub Actions) align with secure industry defaults. Examples include using read-only root filesystems, resource limits, and health checks. Any credentials used in manifests or scripts are generic placeholders (e.g., 'user:pass').
- [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted software delivery tools and GitHub Actions. This includes official actions from Docker, Sigstore (Cosign), and Aqua Security (Trivy), as well as standard package registries for Node.js and Python.
- [COMMAND_EXECUTION]: Includes automation scripts for operational tasks like incident evidence collection and artifact promotion. These scripts utilize standard command-line tools such as kubectl, terraform, gh, and git in a manner consistent with the skill's primary administrative purpose.
Audit Metadata