configuring-github-actions
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Privilege Escalation (HIGH): The file `references/testing-patterns.md` contains templates using `sudo` for package installation (`sudo apt-get install`). While common in CI/CD environments, the use of `sudo` represents privilege escalation within the execution context.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill templates initiate external downloads using system package managers (`apt-get`, `dnf`, `brew`) and third-party GitHub Actions like `goreleaser/goreleaser-action`. These are external dependencies that are not part of the trusted source list.
- Indirect Prompt Injection (HIGH): The skill's primary purpose is to troubleshoot and modify `.github/workflows` files based on user-provided data. This creates a high-risk surface for indirect prompt injection where malicious code or logs could influence the agent to suggest harmful pipeline modifications.
  - Ingestion points: Processes user-provided `.github/workflows` files and CI error logs via the skill description instructions.
  - Boundary markers: None present; the templates do not define delimiters for untrusted content.
  - Capability inventory: Capable of generating shell commands, suggesting code modifications, and configuring repository permissions/secrets.
  - Sanitization: No validation or sanitization logic is provided to verify the integrity of the code being analyzed.
- Unverifiable Dependencies & Remote Code Execution (LOW): References several trusted GitHub Actions from the `actions/` organization (e.g., `checkout`, `setup-go`, `cache`), which are downgraded to LOW per the trusted source rule.
- Command Execution (LOW): Includes standard shell patterns for local binary execution (`./dotfiles-installer`), environment configuration (`export HOME`), and testing operations (`go test`).
Recommendations
- AI detected serious security threats
Audit Metadata