github-actions

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (LOW): The 'Self-Hosted Runners' section provides instructions to download the official runner from github.com/actions/runner, which is a trusted GitHub organization. Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW.
  • Data Exposure & Exfiltration (LOW): The debugging section demonstrates how to log the full GitHub context using ${{ toJson(github) }}. While common for debugging, this practice can lead to sensitive environment metadata being exposed in public or internal build logs.
  • Indirect Prompt Injection (LOW): A vulnerability surface for indirect prompt injection exists in the workflow dispatch examples:
      • Ingestion points: untrusted inputs in workflow_dispatch (SKILL.md).
      • Boundary markers: Absent in documentation examples.
      • Capability inventory: Arbitrary shell execution via run steps (SKILL.md).
      • Sanitization: None; input is directly interpolated into shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:42 PM