skills/kjanat/skills/github-script/Gen Agent Trust Hub

github-script

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes reusable script logic in version-check-shared.mjs that executes the uv CLI via the @actions/exec toolkit. This is used for package version validation.
  • [PROMPT_INJECTION]: Documentation in references/security.md provides detailed guidance on preventing script injection. It correctly identifies the risk of direct ${{ ... }} interpolation and recommends using environment variables or the context object as a secure alternative.
  • [SAFE]: All external module references, such as the @actions/github-script dependency in package.json, target official and trusted GitHub repositories.
  • [COMMAND_EXECUTION]: The skill demonstrates and recommends the use of dynamic import() calls to load local ESM modules from the GitHub workspace, facilitating code reuse and maintainability in CI/CD pipelines.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 12:18 PM