auto-dev-setup
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to download and use GitHub Action templates and reusable workflows from 'miles990/claude-software-skills'. This repository is not part of the trusted organizations or repositories list, making it an unverifiable dependency.
- REMOTE_CODE_EXECUTION (MEDIUM): The workflow configuration (specifically the 'uses' keyword in Step 3) executes remote code within the user's CI/CD environment. Using '@main' instead of a specific commit hash increases the risk of automatic execution of malicious updates if the source repository is compromised.
- PROMPT_INJECTION (LOW): (Category 8: Indirect Prompt Injection) The setup creates a workflow that is triggered by untrusted external data from GitHub Issues and comments.
  - Evidence Chain:
    1. Ingestion points: 'issue_comment' (created), 'issues' (labeled), and 'workflow_dispatch' (inputs).
    2. Boundary markers: Absent in the provided templates.
    3. Capability inventory: Implied execution of development tasks and shell commands within the GitHub Runner.
    4. Sanitization: Absent in the provided setup code.