automation-audit-ops
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from repository configurations, creating a vulnerability surface for indirect prompt injection.
- Ingestion points: The workflow involves reading repo hooks, local hook scripts, GitHub Action workflows, and MCP configurations (SKILL.md).
- Boundary markers: The instructions do not define specific delimiters or security warnings to prevent the agent from following instructions potentially embedded within these external files.
- Capability inventory: The skill uses tools like github-ops and workspace-surface-audit to inspect the repository and execution logs.
- Sanitization: There is no evidence of sanitization or content validation for the data ingested from the repository's automation surfaces.
Audit Metadata