ci-cd-pipelines
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill contains literal hardcoded credentials in YAML configuration snippets, specifically `POSTGRES_PASSWORD: test` and a `DATABASE_URL` with embedded credentials. Although used in a test context, literal secrets are flagged as high risk per security standards.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Multiple external resources are referenced from non-trusted organizations, including standard GitHub Actions (`actions/checkout`, `actions/setup-node`) and third-party actions (`codecov/codecov-action`), as well as Docker images like `postgres:16` and `node:22-alpine`. These dependencies are not verified against the defined trusted source list.
Recommendations
- AI detected serious security threats
Audit Metadata