managing-github-ci
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No malicious prompt injection patterns or attempts to override agent safety protocols were detected.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file exfiltration patterns were identified. The skill correctly demonstrates using GitHub Secrets (
NPM_TOKEN,GITHUB_TOKEN) for authentication. - [External Downloads] (SAFE): The skill references standard, well-known GitHub Actions (e.g.,
actions/checkout,pnpm/action-setup) and established package managers likepnpmandnpm. - [Remote Code Execution] (SAFE): No instances of executing remote scripts via
curl | bashor unsafe dynamic code evaluation were found. - [Command Execution] (SAFE): Tool usage is limited to the GitHub CLI (
gh) and standard project management commands (pnpm), which is appropriate for the skill's stated purpose. - [Indirect Prompt Injection] (SAFE): While the skill interacts with external data (PR content and logs), the risk is minimal and inherent to the functionality of CI/CD management tools.
Audit Metadata