github-agentic-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill addresses prompt injection (ASI01) by defining a dedicated threat detection layer and secure prompt design patterns. Ingestion points: Processes data from GitHub issues and pull requests. Boundary markers: Recommends using delimiters and explicit 'ignore' instructions for untrusted content. Capability inventory: Includes GitHub repository write access and bash command execution. Sanitization: Provides examples of typed parameters and regex-based input validation.
- [COMMAND_EXECUTION]: Describes the use of shell tools within a restricted toolset, emphasizing the use of allowed-command lists and input sanitization to prevent command injection.
- [EXTERNAL_DOWNLOADS]: References the installation of the official github/gh-aw extension and standard package registries (npm, Maven), which are recognized as trusted sources.
- [REMOTE_CODE_EXECUTION]: Documents the 'gh aw add' functionality used to import workflow configurations from external URLs as part of the tool's management operations.
Audit Metadata