github-actions
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides detailed instructions for using the GitHub CLI (`gh`) to trigger workflows, monitor runs, and debug failures. It also suggests running local build tools such as `pnpm` and `cargo` to address issues found in the CI process.
- [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch workflow logs and build artifacts from the vendor's repository (`codervisor/lean-spec`) on GitHub using `gh run view --log` and `gh run download`. These downloads originate from a well-known and trusted service.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection (Category 8) by processing untrusted data from the GitHub Actions environment.
  - Ingestion points: External data is ingested through workflow logs and build artifacts as described in `SKILL.md` and `references/COMMANDS.md`.
  - Boundary markers: The instructions lack delimiters or explicit guidance to treat retrieved content strictly as data, which may allow instructions embedded in logs or artifacts to influence the agent.
  - Capability inventory: The agent possesses capabilities to trigger workflows, download files, and execute local development scripts (`pnpm`, `cargo`).
  - Sanitization: There is no evidence of sanitization or content validation for the data retrieved from the GitHub Actions environment before it is analyzed by the agent.
Audit Metadata