rollback-workflow-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding category: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The GitHub Action templates in SKILL.md interpolate user-controlled inputs directly into shell commands (e.g., ./scripts/deploy.sh ${{ github.event.inputs.environment }}). This is an indirect prompt injection surface: anyone with permission to trigger the workflow could supply input that is executed as shell commands. Ingestion points: workflow_dispatch inputs ('version', 'environment', 'reason', 'migration'). Boundary markers: none. Capability inventory: shell script execution, npm commands, kubectl operations, and docker commands. Sanitization: absent; inputs are neither sanitized nor passed through environment variables.
- [CREDENTIALS_UNSAFE] (SAFE): The skill follows security best practice by using GitHub Secrets (e.g., DEPLOY_TOKEN, KUBECONFIG) for sensitive data instead of hardcoding credentials.
- [EXTERNAL_DOWNLOADS] (SAFE): All referenced external GitHub Actions come from trusted organizations ('actions' and 'azure'), which lowers the risk associated with external dependencies.
Audit Metadata