github-actions-writer
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and downloads software from well-known and trusted sources.
- The
kubernetes-gitops.ymltemplate fetches the ArgoCD CLI directly from the official ArgoProj GitHub repository. - Multiple templates utilize well-known third-party GitHub Actions such as
aquasecurity/trivy-action,docker/metadata-action, anddorny/paths-filter. - [COMMAND_EXECUTION]: The provided workflow templates include standard CI/CD commands.
- Templates include package manager operations such as
npm install,npm ci, andpip installto manage dependencies within the GitHub Actions runner environment. - The
kubernetes-gitops.ymltemplate usessudoto move the downloaded ArgoCD binary to the system path, which is a common requirement for runner environments. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its core functionality.
- Ingestion points: The agent is instructed to read, analyze, and troubleshoot existing GitHub Actions workflow files provided by the user, as documented in the 'Workflow Analysis and Enhancement' and 'Debugging and Troubleshooting' sections of
SKILL.md. - Boundary markers: There are no explicit instructions or markers used to delimit untrusted user-provided workflow content from the agent's internal instructions.
- Capability inventory: The skill's primary capability is generating and modifying executable YAML configurations. It also provides Python scripts (
validate_workflow.pyandsecurity_audit.py) to assist in the validation process. - Sanitization: The skill does not implement specific sanitization or filtering of user-provided workflow content before the agent processes it for analysis or optimization.
Audit Metadata