ci-cd
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): Reference documentation includes standard commands for installing official CLI tools and runtimes from trusted sources like GitHub and NodeSource. These are standard in CI/CD environments and do not represent a threat.
- [COMMAND_EXECUTION] (SAFE): Example configurations and the provided validation script ('scripts/validate-workflow.sh') include shell commands for environment setup, testing, and deployment. These commands are typical for the skill's primary use case of managing build pipelines.
- [CREDENTIALS_UNSAFE] (SAFE): Several reference files contain placeholder credentials (e.g., 'POSTGRES_PASSWORD: test'). These are clearly marked as examples for local service containers and do not expose sensitive production secrets.
- [REMOTE_CODE_EXECUTION] (SAFE): The documentation mentions common installation patterns like 'curl | bash' for official tools. While these patterns require caution, they are used here in the context of official, trusted repositories for CI/CD infrastructure.
- [COMMAND_EXECUTION] (SAFE): The script 'scripts/validate-workflow.sh' processes user-provided workflow files through shell commands. While this creates a functional surface for processing untrusted data, the risk is negligible as it is a local development utility.
- Ingestion points: Workflow files provided as arguments to 'scripts/validate-workflow.sh'.
- Boundary markers: Absent.
- Capability inventory: 'curl', 'yq', 'python3', 'grep' in 'scripts/validate-workflow.sh'.
- Sanitization: Absent; the script relies on standard shell quoting.
Audit Metadata