github-actions
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (LOW): Documentation contains an example snippet using the curl | bash pattern for uploading coverage reports. While a common industry practice, this pattern bypasses integrity checks. Evidence: references/shell.md contains curl -sSf https://codecov.io/upload.sh | bash.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted data from user-controlled workflow files and possesses capabilities like executing GitHub CLI commands. 1. Ingestion points: Reads workflow files in .github/workflows/. 2. Boundary markers: Absent; no instructions for the agent to ignore instructions within ingested files. 3. Capability inventory: Can execute gh api commands and write to the file system. 4. Sanitization: Absent.
Audit Metadata