ln-732-cicd-generator

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions include a fallback mechanism to fetch reference templates from the author's official GitHub repository if they are not available locally.
  • [COMMAND_EXECUTION]: The generated workflows contain shell commands for software lifecycle management, including dependency installation, linting, testing, and container health checks using tools like npm, dotnet, and docker.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface as it reads data from project files (e.g., version strings from package.json) and interpolates them into the generated YAML workflow. This is a functional requirement of the tool's template-generation logic.
      • Ingestion points: package.json, *.csproj, pyproject.toml, requirements.txt
      • Boundary markers: Absent
      • Capability inventory: File-system write access to .github/workflows/ci.yml
      • Sanitization: Absent
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 03:06 PM