implement-gitops-workflow

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Kubernetes installation manifests and command-line binaries from official Argo Project repositories on GitHub.
    • Evidence:
      • https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
      • https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
      • https://raw.githubusercontent.com/argoproj-labs/argocd-image-updater/stable/manifests/install.yaml
      • https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
  • [COMMAND_EXECUTION]: Utilizes bash commands to manage Kubernetes resources, install local binaries, and configure the Argo CD environment.
    • Evidence:
      • Extensive use of kubectl, curl, and sudo install for tool setup.
      • Execution of argocd CLI for repository and application management.
  • [CREDENTIALS_UNSAFE]: Manages sensitive authentication data using best practices such as environment variables and Kubernetes secrets.
    • Evidence:
      • References $GITHUB_TOKEN, $SLACK_BOT_TOKEN, and $WEBHOOK_TOKEN as shell variables.
      • Retrieves the initial Argo CD admin password from a Kubernetes secret via kubectl and base64 decoding.
  • [REMOTE_CODE_EXECUTION]: Applies remote YAML manifests directly to the cluster using kubectl apply -f <URL>. This behavior is limited to official, trusted infrastructure tool repositories.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 10:51 PM