deployment-automation
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides Docker, GitHub Actions, Kubernetes, and Vercel configuration templates that follow established security best practices.
- [SAFE]: Uses multi-stage Docker builds with official Alpine-based images from trusted registries, minimizing the attack surface.
- [SAFE]: Implements secure container practices by defining a non-root user and including automated health checks in the Dockerfile.
- [SAFE]: Employs standard GitHub Actions from verified publishers and trusted organizations (GitHub, Docker, Codecov) for CI/CD pipelines.
- [SAFE]: Provides Kubernetes manifests that utilize Secret resources for sensitive configuration instead of hardcoding values.
- [SAFE]: Explicitly prohibits the inclusion of secrets in version control and enforces the use of production environment modes through strict instructions.
- [SAFE]: Shell scripts for deployment and environment switching perform standard administrative tasks related to the skill's primary purpose without suspicious behavior.
Audit Metadata