github-workflow-auto-fix
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection (shell commands executed at load time) to list local workflow files and GitHub secret names. These operations are restricted to environment discovery and do not incorporate unvalidated user arguments.
- [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface. The generated GitHub Action is designed to ingest failure logs from workflow runs and use an AI agent to apply fixes. If a malicious contributor creates a pull request that produces adversarial output in the logs, the automated agent might execute those instructions, potentially leading to unauthorized repository modifications.
- Ingestion points: Reads workflow failure logs (
gh run view --log-failed) and run metadata inSKILL.md. - Boundary markers: No explicit delimitation or 'ignore instructions' markers are defined for the log context processing.
- Capability inventory: The workflow is granted
contents: write,pull-requests: write, andissues: writepermissions, along with access togitandghCLI tools. - Sanitization: The skill does not implement sanitization or filtering of the ingested log data before processing.
Audit Metadata