workflow-fix
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes specific CLI tools such as bwwl, git, and gh, which are appropriately scoped in the allowed-tools configuration. It explicitly forbids automated installations and requires tools to be pre-installed by the user.
- [DATA_EXFILTRATION]: The skill accesses GitHub workflow files and metadata via the GitHub API (GET requests only). Access is strictly restricted to the .github/ directory, preventing unauthorized access to sensitive application code or environment secrets.
- [PROMPT_INJECTION]: The skill processes workflow files, which could contain untrusted content. This indirect prompt injection surface is mitigated by strict operational rules: the agent must present a diff and obtain user confirmation before every commit, and all PRs must be created as drafts, ensuring human-in-the-loop validation.