generate-github-workflow
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect injection surface analyzed.
  1. Ingestion points: free-form requirements in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: File-writing to .github/workflows/ via the document-artifact output.
  4. Sanitization: Absent.

  The risk is assessed as SAFE because the skill explicitly requires human confirmation after listing all placeholders and before performing any filesystem writes, effectively preventing autonomous execution of injected content.
- [SAFE]: The skill mandates security-first practices for the output YAML, such as using specific commit SHAs or major version tags for third-party actions and setting minimal GITHUB_TOKEN permissions.
- [SAFE]: No obfuscation, data exfiltration, or hardcoded credentials were detected in the skill's instructions or metadata.
- [SAFE]: A metadata discrepancy exists between the author name 'ai-cortex' in the file and the system-provided author 'nesnilnehc', but this does not appear to be a deceptive attack vector.
Audit Metadata