github-workflow-standards
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines an attack surface for indirect prompt injection by instructing agents to process data from untrusted sources within a repository and its GitHub environment.
  - Ingestion points: The agent is directed to read and use data from local configuration files (including .git/config, package.json, and .github/agents/preferences.md) and remote data from the GitHub API (issues, pull requests, and discussions).
  - Boundary markers: The skill does not provide instructions for using delimiters or boundary markers to distinguish untrusted external content from agent instructions during prompt construction.
  - Capability inventory: The agent has the capability to perform state-changing operations, such as posting comments, merging pull requests, and managing repository items.
  - Sanitization: No specific input sanitization or filtering mechanisms are defined, although the skill includes a robust 'Safety Rules' section that mandates explicit user confirmation before any modifications to the repository state are executed.
Audit Metadata