ci-cd
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill generates and recommends execution of standard development commands via a
Justfileandnpx(e.g.,npx biome check .,npx vitest run). These commands are essential for the skill's purpose of automating linting and testing. - [EXTERNAL_DOWNLOADS] (SAFE): The skill guides the user to install common development dependencies from the npm registry (e.g.,
@biomejs/biome,vitest,husky). These are trusted, well-known packages in the developer ecosystem. - [CREDENTIALS_UNSAFE] (SAFE): Resource files contain example database credentials (e.g.,
POSTGRES_PASSWORD: test_pass). These are clearly intended for local development and testing environments within Docker containers and do not constitute a risk of production secret exposure. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill performs project analysis by reading local configuration files (e.g.,
package.json, existing CI configs). While this constitutes an ingestion point for untrusted data, the subsequent actions—generating config files from templates—minimize the risk of executing attacker-controlled instructions. - [DATA_EXFILTRATION] (SAFE): Analysis of network-capable commands (npm, docker compose) shows they are used exclusively for their intended purposes of package management and container orchestration. No evidence of sensitive file access or transmission to external domains was found.
Audit Metadata