cloud-ops
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents numerous shell commands for managing the infrastructure, such as 'bun run infra' and 'bun run dev'. These commands are standard for managing Docker Compose environments as described in the skill's purpose.
- [EXTERNAL_DOWNLOADS]: The Docker configuration references images hosted on the GitHub Container Registry ('ghcr.io/valentinkolb/geo', 'ghcr.io/valentinkolb/filegate'). These are legitimate resources belonging to the skill's author.
- [CREDENTIALS_UNSAFE]: The documentation includes example environment variables with default development credentials (e.g., 'DATABASE_URL' with user/pass 'ipa:ipa') and an emergency admin login token ('dev-admin'). These are explicitly documented as development shortcuts and bootstrap values, following standard practices for local environment setup.
- [SAFE]: The CI/CD workflows and NPM publishing processes use standard security practices, such as OIDC trusted publishers for NPM, which avoids the use of hardcoded secrets.
Audit Metadata