cicd-workflows
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill possesses a high-risk attack surface for Indirect Prompt Injection.
  - Ingestion points: Content is fetched from api.expo.dev and raw.githubusercontent.com/expo via scripts/fetch.js.
  - Boundary markers: There are no explicit markers or sanitization logic mentioned to prevent fetched content from overriding agent instructions.
  - Capability inventory: The skill has the ability to write files (Write) and execute bash commands (Bash(node:*)), specifically targeting sensitive CI/CD configuration files (.eas/workflows/*.yml).
  - Sanitization: No evidence of sanitization for the fetched documentation or schemas before they are used to guide code generation.
- Unverifiable Dependencies (MEDIUM): The skill executes npm install within the {baseDir}/scripts directory. Since the package.json file is not included in the skill definition, the dependencies being installed are unverified and could include malicious packages.
- External Downloads (MEDIUM): The skill fetches data from api.expo.dev and raw.githubusercontent.com. While these are legitimate Expo domains, they are not on the 'Trusted External Sources' whitelist for this analysis, meaning the integrity of the downloaded content must be treated as untrusted.
- Command Execution (LOW): The skill executes local Node.js scripts (fetch.js, validate.js) to perform its core functions. While expected, this execution provides the mechanism for potentially malicious actions if the scripts or their dependencies are compromised.
Recommendations
- AI detected serious security threats