workflow-preflight
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to discover and execute shell commands from the codebase, such as scripts in package.json, Makefile targets, or language-specific test runners.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by extracting and executing commands found in untrusted project documentation and configuration files.
- Ingestion points: The skill reads commands from README.md, package.json scripts, and .github/workflows/*.yml.
- Boundary markers: No specific boundary markers or 'ignore' instructions are used when interpolating these commands into the shell.
- Capability inventory: The skill uses the Bash tool, allowing for arbitrary command execution on the host.
- Sanitization: There is no evidence of validation or sanitization for the commands extracted from external files.
- [EXTERNAL_DOWNLOADS]: The skill pulls the official semgrep/semgrep image from Docker Hub and utilizes package managers to run remote tools. These operations target well-known and trusted technology services.
Audit Metadata