github-agentic-workflows
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documents patterns for agents that ingest untrusted data from GitHub Issues, Pull Requests, and comments.
  - Ingestion points: GitHub Issues, Pull Request content, and comments (SKILL.md).
  - Boundary markers: The documentation suggests using structured outputs and 'threat-detection' layers, though specific prompt delimiters are not always shown in examples.
  - Capability inventory: High capabilities including file system access (edit, create), shell execution (bash), and repository management (github tools) (SKILL.md).
  - Sanitization: Emphasizes a 'Safe Outputs' architecture and 'threat-detection' scanning to sanitize AI-generated actions.
- [COMMAND_EXECUTION]: Describes a bash toolset that allows the agent to execute shell commands such as npm and git within the workflow environment (SKILL.md).
- [EXTERNAL_DOWNLOADS]: Mentions the installation of the github/gh-aw CLI extension and references external templates from the github organization (SKILL.md).
Audit Metadata