debugging-workflows

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and custom TypeScript scripts to interact with workflow runs. The scripts (download-workflow-logs.ts and download-workflow-summary.ts) utilize spawnSync with array-based arguments and include strict regex validation for all input parameters (run IDs, workflow names, and repository identifiers), effectively preventing command injection.
  • [EXTERNAL_DOWNLOADS]: Fetches workflow logs, summaries, and artifacts from GitHub's infrastructure. It also uses npx to execute the tsx runner, which may download the tsx package from the official npm registry, a well-known service.
  • [PROMPT_INJECTION]: The skill is subject to the inherent risk of indirect prompt injection when processing GitHub Action logs, as these are external data sources that could contain malicious instructions.
      • Ingestion points: Workflow logs and summaries are ingested via gh run view --log and gh run download in the provided TypeScript scripts.
      • Boundary markers: None are present for the raw log content.
      • Capability inventory: The skill has access to shell tools (gh, curl, npx), file system writes, and network access to GitHub.
      • Sanitization: While input arguments for the scripts are strictly validated, the content of the logs being processed is not sanitized. Given the skill's purpose as a debugging tool, this risk is localized to the developer's workflow context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 01:37 PM