action-audit
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is authored by a trusted vendor and performs read-only auditing tasks using well-known services (GitHub CLI and API). It explicitly forbids mutating operations through rules and platform configuration.
- [COMMAND_EXECUTION]: The skill instructs the agent to construct shell commands using variables derived from user input and parsed file content. While this creates a potential command injection surface if the agent does not sanitize inputs, it is a functional requirement for the auditing task.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks.
  1. Ingestion points: Step 3 parses 'uses:' references from external GitHub workflow files.
  2. Boundary markers: Absent; the skill does not define delimiters for parsed data.
  3. Capability inventory: The skill uses the Bash tool to execute 'gh' commands and the GitHub API.
  4. Sanitization: Absent; there are no instructions to sanitize or validate strings extracted from workflow files before they are used in subsequent API calls in Step 4.