gh-actions-validator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). The skill is designed to ingest untrusted data from
.github/workflows/files. Mandatory Evidence: 1. Ingestion points: File reads from the.github/workflows/directory. 2. Boundary markers: Absent; no instructions provide delimiters for the untrusted content. 3. Capability inventory: The skill utilizesBash(gcloud:*)and filesystemWrite/Edittools. 4. Sanitization: Absent. An attacker could place malicious instructions inside a workflow's YAML comments or metadata to trick the agent into executing unauthorized gcloud commands or exfiltrating sensitive cloud configurations. - [COMMAND_EXECUTION] (MEDIUM): The skill requires
Bash(gcloud:*)access and administrative gcloud permissions. While the stated goal is hardening, the broad capability to interact with Google Cloud resources poses a significant risk if the agent's logic is subverted via the aforementioned prompt injection vulnerability.
Recommendations
- AI detected serious security threats
Audit Metadata