dotnet-gha-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official and widely-used GitHub Actions from trusted organizations including
actions,azure, anddockerfor workflow tasks such as repository checkout, .NET setup, and deployment orchestration. - [COMMAND_EXECUTION]: Implements standard build and deployment commands for the .NET ecosystem, such as
dotnet publish,docker build, andaz webapp. These are executed within the context of common CI/CD pipelines. - [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill explicitly recommends and demonstrates secure practices like using GitHub Secrets for sensitive values and OIDC for passwordless authentication with Azure.
- [PROMPT_INJECTION]: No prompt injection patterns or attempts to override system instructions were detected in the skill text or metadata.
- [SAFE]: The 'Agent Gotchas' section provides valuable security guidance, recommending the use of
set -euo pipefailin shell scripts to prevent silent failures and advising against hardcoding credentials in YAML files.
Audit Metadata