worker-image-build
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill frequently executes shell commands via the `gh` (GitHub CLI) tool. It constructs these commands by interpolating user-provided inputs such as `<CONFIG_NAME>` and `<RUN_ID>`. This is necessary for the skill's primary function but requires the agent to be cautious of malformed input.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill interacts with the `mozilla-platform-ops/worker-images` repository. Although Mozilla is not on the provided list of trusted GitHub organizations, it is a highly reputable entity. The skill triggers remote workflows rather than downloading and executing binary artifacts locally.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted user data without explicit sanitization or boundary markers.
  - Ingestion points: User input for `<CONFIG_NAME>` and `<RUN_ID>` in `SKILL.md` and `references/examples.md`.
  - Boundary markers: Absent; user input is directly concatenated into shell strings.
  - Capability inventory: Executes subprocess calls via `gh workflow run`, `gh run watch`, and `gh run view`.
  - Sanitization: Absent; the skill relies on the underlying shell or agent to prevent command injection characters (e.g., semicolons or backticks).
Audit Metadata