github-actions-pipeline-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION, NO_CODE
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill templates reference third-party GitHub Actions such as `amondnet/vercel-action@v25` and `codecov/codecov-action@v3`. These are popular community actions but do not originate from the strictly defined trusted organizations (like `actions` or `vercel`). Since these actions are downloaded and executed with high privileges at runtime, they represent a supply chain risk.
- Indirect Prompt Injection (LOW): The skill defines workflows that ingest external data via inputs (e.g., `github.event.inputs.environment`). However, the templates use safe comparison logic and built-in context variables, which helps prevent command injection in the resulting CI/CD environment.
- Data Exposure & Exfiltration (SAFE): The skill correctly demonstrates the use of GitHub Secrets for sensitive tokens, preventing exposure of credentials.
- No Code (INFO): This skill consists of documentation and templates rather than executable logic, minimizing the direct risk to the agent environment.