github-workflows

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection.
      • Ingestion points: Fetches live workflow syntax from docs.github.com and reads GitHub Action logs/workflow statuses via the gh CLI.
      • Boundary markers: Absent; no specific delimiters are used to wrap data retrieved from external documentation or repository logs.
      • Capability inventory: Scripts have permissions to create and modify GitHub issues, labels, milestones, and projects via PyGithub and gh CLI.
      • Sanitization: Absent; the skill relies on standard API wrappers without additional sanitization of retrieved text before processing.
  • [COMMAND_EXECUTION]: Orchestrates GitHub operations via subprocess calls to the gh CLI.
      • Evidence: github_project_setup.py uses subprocess.run to call gh api graphql with queries constructed via string concatenation. While intended for legitimate project management, this pattern requires careful validation of input parameters.
  • [EXTERNAL_DOWNLOADS]: References external configuration and documentation from trusted sources.
      • Evidence: SKILL.md retrieves workflow syntax from GitHub's official documentation and checks Node.js versions from nodejs.org.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 11:02 PM