update-github-actions-version
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill queries version information and changelogs from GitHub's official repository release pages to determine available updates.
- [COMMAND_EXECUTION]: The agent is instructed to perform git operations, specifically adding and committing changes to the local repository following updates.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted external content.
- Ingestion points: The agent reads data from local workflow files in
.github/workflows/and external release notes or changelogs from various GitHub repositories. - Boundary markers: The instructions do not define boundary markers or explicit directives to ignore potential instructions embedded within the processed changelogs or workflow comments.
- Capability inventory: The agent has the capability to write to the filesystem and execute version control commands based on the context retrieved from these external sources.
- Sanitization: No sanitization or validation steps are defined for the content retrieved from external sources before it is used to influence modifications to the project's CI/CD configuration.
Audit Metadata