buildspace-ci-cd
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references reusable GitHub Actions workflows from the author's repository (photon-hq/buildspace). These are vendor-provided CI/CD components.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing repository metadata and package configurations to generate GitHub Actions workflows.
- Ingestion points: Repository structure and packages JSON inputs.
- Boundary markers: None.
- Capability inventory: Creation and modification of CI/CD workflow files.
- Sanitization: No explicit validation of external repository data is defined.
Audit Metadata