GitHub Actions Integration for Agentic Workflows

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill documents workflows that process untrusted text from external participants.
      • Ingestion points: Untrusted content from ISSUE_BODY, PR_TITLE, PR_BODY, and github.event.comment.body is ingested in agent-pr-analysis.yml, agent-issue-triage.yml, and agent-manual-task.yml.
      • Boundary markers: No specific boundary markers or 'ignore' instructions for the agent are defined in the workflow templates.
      • Capability inventory: The agents have permissions to write comments, add labels, assign users, and create new pull requests.
      • Sanitization: No explicit sanitization of the untrusted text is performed before it is passed to the analysis scripts.
  • [COMMAND_EXECUTION]: Local scripts (e.g., pr-analyzer.js, issue_triage.py) are executed in the runner environment with arguments derived directly from GitHub event variables.
  • [EXTERNAL_DOWNLOADS]: The workflow steps include the installation of several external dependencies from public registries (npm and PyPI), including MCP tools and AI SDKs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 11:52 PM