dotnet-gha-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill incorporates references to official GitHub-maintained actions such as
actions/checkout@v4,actions/setup-dotnet@v4,actions/cache@v4, andactions/upload-artifact@v4. These are well-known and trusted services for CI/CD operations. - [COMMAND_EXECUTION]: Includes standard build automation commands like
dotnet restore,dotnet build, anddotnet test. It also provides a pattern for dynamically generating matrix values using shell utilities likegrep,sed, andjqto parse local project files. - [CREDENTIALS_UNSAFE]: Correctly uses GitHub Actions secret syntax (e.g.,
${{ secrets.NUGET_AUTH_TOKEN }}) for passing sensitive information into the environment or reusable workflows. No hardcoded API keys, tokens, or other credentials were found.
Audit Metadata