gha-security-review
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to ingest and analyze untrusted data from repository files.
- Ingestion points: The skill explicitly directs the agent to read .github/workflows/*.yml, CLAUDE.md, AGENTS.md, .cursorrules, Makefile, and shell scripts from potentially untrusted forks or pull requests.
- Boundary markers: The skill provides a structured four-step methodology (Classify, Check, Validate, Report) and includes safe/unsafe pattern tables to help the agent distinguish between data and instructions.
- Capability inventory: The skill allows the use of Read, Grep, Glob, Bash, and Task tools. These tools provide the capability to read files and execute shell commands for auditing purposes.
- Sanitization: There are no explicit content-filtering or sanitization mechanisms described for the input files; the skill relies on the LLM's internal safety guardrails and the provided auditing instructions.
- [SAFE]: The skill provides high-quality educational content regarding GitHub Actions security, referencing real-world attack campaigns to improve the accuracy of the agent's findings.
- [SAFE]: No evidence of hardcoded credentials, malicious data exfiltration, or obfuscation was found within the skill's instructions or reference materials.
Audit Metadata