The Agent Skills Directory

[Data Exposure] (SAFE): The action_usage_analyzer.ts and workflow_validator.ts scripts read workflow files from the local file system. This is consistent with their stated purpose and no network transmission of this data was detected.
[Indirect Prompt Injection] (LOW): The scripts ingest untrusted YAML files for analysis.
Ingestion points: Reads files from directories specified via CLI arguments (defaulting to .github/workflows).
Boundary markers: Absent; the tools treat the parsed YAML as structured data to be analyzed.
Capability inventory: File system read/write (writing .github/dependabot.yml). No network or subprocess execution.
Sanitization: Uses the yaml library for parsing, which is a standard and safe approach for handling structured data without executing it.
[Command Execution] (SAFE): While the scripts use Node.js fs and path modules to interact with the file system, they do not spawn shells or execute arbitrary commands based on the content of the analyzed files.

github-actions-pipeline-builder