workflow-audit
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bwwl (Bitwarden Workflow Linter) CLI to scan GitHub action files. This tool is executed within a restricted environment where the Bash tool is limited to commands starting with bwwl:*, preventing arbitrary command execution.
- [SAFE]: The skill explicitly enforces a "read-only" constraint, ensuring that the agent does not modify, create, or delete any files during the audit process.
- [SAFE]: Includes a prerequisite check for the bwwl tool. It instructs the agent to stop and inform the user if the tool is missing, specifically forbidding the agent from attempting to install it automatically, which prevents potential supply chain or unauthorized software installation risks.
Audit Metadata