Skills
skills/akillness/oh-my-skills/game-ci-cd-pipeline/Gen Agent Trust Hub

game-ci-cd-pipeline

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions do not contain any patterns typical of prompt injection attacks. There are no attempts to bypass safety filters, extract system prompts, or override agent behavior. The instructions are focused on providing structured analysis of CI/CD workflows.
  • [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file paths, or suspicious network operations were found. The skill references official documentation from well-known services (Unity and Epic Games) for legitimate technical guidance.
  • [OBFUSCATION]: The content is clear and readable. No hidden characters, encoded payloads (such as Base64 or Hex), or steganographic techniques were detected in the text or metadata.
  • [REMOTE_CODE_EXECUTION]: There are no patterns indicating the download or execution of remote scripts. The skill does not attempt to install external packages or execute commands from untrusted sources.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data, such as build logs and CI/CD workflow descriptions.
  • Ingestion points: Data enters the agent's context through user-provided descriptions of CI/CD failures and attached build logs (referenced in SKILL.md Step 2).
  • Boundary markers: The instructions do not explicitly require the agent to use delimiters or ignore embedded instructions when reading user-provided content.
  • Capability inventory: The skill allows access to Bash, Read, Write, Edit, Glob, and Grep tools (defined in the SKILL.md frontmatter).
  • Sanitization: There are no explicit sanitization or validation steps for external content before processing.
  • Although the surface exists, the instructions are highly specific and focus on structural analysis, which mitigates the risk of accidental instruction obedience from data.
  • [DYNAMIC_EXECUTION]: The skill does not generate or compile code at runtime. It focuses on auditing existing configuration files and logs.
  • [METADATA_POISONING]: The metadata in the YAML frontmatter and SKILL.toon is consistent with the skill's stated purpose and author identity.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 07:41 AM