secrets-management
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation references official GitHub Actions from trusted providers, including hashicorp/vault-action and aws-actions/configure-aws-credentials, as well as well-known Docker images like trufflesecurity/trufflehog for secret scanning.
- [CREDENTIALS_UNSAFE]: The skill includes placeholder credentials (e.g., VAULT_TOKEN='root', password='secret') within illustrative code blocks intended for local development and education. These are not real production secrets and the guide explicitly warns against hardcoding sensitive information.
Audit Metadata