devsecops-expert
Expert DevSecOps engineer specializing in secure CI/CD pipelines, security automation, and compliance as code for robust infrastructure security.
Security score
The devsecops-expert skill was audited on Feb 9, 2026 and we found 19 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
| Finding | Line | Flagged content |
| --- | --- | --- |
| Eval function call - arbitrary code execution | 1072 | `echo 'eval(user_input)' > test.py` |
| Template literal with variable interpolation in command context | 51 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 201 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 269 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 295 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 323 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 408 | `` ```yaml `` |
| Template literal with variable interpolation in command context | 695 | `` ```yaml `` |
| Python subprocess execution | 1122 | `result = subprocess.run(` |
| Python subprocess execution | 1130 | `result = subprocess.run(` |
| Python subprocess execution | 1138 | `result = subprocess.run(` |
| Access to hidden dotfiles in home directory | 276 | `path: ~/.cache/trivy` |
| Access to hidden dotfiles in home directory | 281 | `run: trivy image --cache-dir ~/.cache/trivy app:test` |
| Access to .env file | 1079 | `echo 'AWS_KEY=AKIAIOSFODNN7EXAMPLE' > test.env` |
| Access to .env file | 1081 | `rm test.env` |
| External URL reference | 558 | `server: "https://vault.example.com"` |
| External URL reference | 780 | `issuer: "https://token.actions.githubusercontent.com"` |
| External URL reference | 782 | `url: https://rekor.sigstore.dev` |
| External URL reference | 1012 | `issuer: "https://token.actions.githubusercontent.com"` |