action-builder
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): Analysis of the skill instructions and reference materials found no evidence of prompt injection, malicious command execution, or unauthorized data access. The skill acts as a legitimate development guide.
- INFO (LOW): The provided code snippets for GitHub Actions include patterns (such as direct input interpolation in shell scripts) that are susceptible to command injection if used with untrusted inputs in a production environment. This is a common pattern in documentation but should be noted as a security best-practice violation.
- INFO (LOW): References to 'node16' in templates involve an end-of-life version of Node.js; modern actions should target 'node20'.
Audit Metadata