github-actions-workflow-design
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No prompt injection or behavior override instructions were found. The instructions focus on structured workflow design and quality standards.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or credentials detected. The skill explicitly provides guidance on secure secret handling and minimizing GITHUB_TOKEN privileges.
- [EXTERNAL_DOWNLOADS]: The skill neutrally references the official actions/cache repository from GitHub's organization in its code snippets for demonstration purposes.
- [COMMAND_EXECUTION]: No dangerous system commands, shell executions, or administrative privilege requests were identified.
- [REMOTE_CODE_EXECUTION]: No patterns of remote script execution or untrusted package installation were found. It provides static YAML templates rather than executable code.
- [DATA_EXFILTRATION]: No network operations or unauthorized data transfer patterns were detected.
Audit Metadata