create-github-action-workflow-specification
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core function of processing external data.
- Ingestion points: The agent ingests potentially untrusted data from the
${input:WorkflowFile}parameter. - Boundary markers: The instructions fail to define explicit delimiters or include 'ignore embedded instructions' warnings for the input file content.
- Capability inventory: The skill's capabilities are restricted to analyzing text and generating markdown files in the
/spec/directory; it lacks system command execution or network access. - Sanitization: No input validation or sanitization is performed on the workflow content before it is processed by the agent.
Audit Metadata