github-actions
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [SAFE] (SAFE): No malicious patterns, obfuscation, or data exfiltration attempts were identified. The content is strictly limited to CI/CD documentation and templates.
- [EXTERNAL_DOWNLOADS] (INFO): The skill references several third-party actions (e.g., dorny/paths-filter, peter-evans/create-pull-request). These are widely adopted community actions pinned to versions and do not represent a security risk in this context.
- [PROMPT_INJECTION] (SAFE): The skill contains no instructions designed to bypass agent constraints. Conversely, it includes explicit security warnings to help users avoid command injection vulnerabilities in their own workflows.
- [COMMAND_EXECUTION] (SAFE): Includes standard references to the GitHub CLI (gh) and package managers (npm, pip). All commands are benign and directly related to the stated purpose of managing CI/CD pipelines.
Audit Metadata