Security audit
GitHub Workflow
Security checks across malware telemetry and agentic risk
Overview
This appears to be a coherent read-only GitHub workflow plugin, but users should know it needs a GitHub token and may read PR, issue, commit, and diff data from repositories the token can access.
This plugin looks safe for its stated read-only GitHub workflow purpose. Before installing, create the narrowest GitHub token you can, avoid broad private-repo access unless needed, configure defaultRepos to limit what the agent searches, and be cautious about enabling any scheduled digest feature.
VirusTotal
No VirusTotal findings
Static analysis
No suspicious patterns detected.
