gh-actions-validator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell scripts (`scripts/setup-wif.sh` and `scripts/validate-workflow.sh`) to automate the configuration of Google Cloud IAM resources and audit local configuration files. These actions are performed using the `gcloud` CLI and standard Unix utilities, which are appropriate for the skill's stated purpose of CI/CD security validation.
- [EXTERNAL_DOWNLOADS]: The skill references official documentation and resources from well-known services, including Google Cloud (cloud.google.com) and GitHub (github.com). No external executable code is downloaded or executed from untrusted third-party sources.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) because it ingests and processes untrusted data from the `.github/workflows/` directory. While no malicious injection was found in the skill itself, an attacker-controlled workflow file could attempt to influence the agent's behavior during an audit.
  - Ingestion points: The `validate-workflow.sh` script and skill instructions specify reading files from `.github/workflows/` (SKILL.md, validate-workflow.sh).
  - Boundary markers: Absent. The skill reads file contents without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has access to powerful tools including `Bash(gcloud:*)`, `Write`, and `Edit` (SKILL.md).
  - Sanitization: No evidence of sanitization or filtering of the ingested workflow content before processing (validate-workflow.sh).
Audit Metadata