secrets-management
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references several external resources from trusted and well-known providers for CI/CD automation.
- Integrates the
hashicorp/vault-action@v2GitHub Action for secret retrieval, which is maintained by the official HashiCorp organization. - Uses the
aws-actions/configure-aws-credentials@v4GitHub Action from the official AWS organization for cloud credential management. - References the
trufflesecurity/trufflehogDocker image for automated secret scanning, which is a widely recognized security tool. - [CREDENTIALS_UNSAFE]: The documentation contains hardcoded strings such as
VAULT_TOKEN='root'andpassword=secretwithin shell command examples. These are identified as dummy placeholder values specifically used for local development demonstrations (vault server -dev) and do not represent actual exposed secrets. - [COMMAND_EXECUTION]: Provides standard template commands for interacting with CLI tools like
vault,aws, andterraform. These commands follow expected usage patterns for DevOps automation scripts.
Audit Metadata