github-actions-ci-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection from the target project's package.json file. \n
- Ingestion points: The script scripts/generate_ci_workflow.py reads project configuration, including scripts and dependencies, from package.json. \n
- Boundary markers: No boundary markers or instructions to ignore embedded commands are included in the generated YAML files. \n
- Capability inventory: The skill can write GitHub Action workflows to .github/workflows/ which are capable of executing shell commands. \n
- Sanitization: No validation or sanitization is performed on the values extracted from package.json before they are interpolated into the YAML run commands. \n- [External Downloads] (LOW): The skill generates code that invokes external deployment tools. \n
- Evidence: The generate_preview_workflow function in scripts/generate_ci_workflow.py includes a step using npx vercel. \n
- Trust Status: Vercel is a trusted organization as per the security analysis policy, which downgrades the severity of this external dependency.
Audit Metadata