Skills
skills/pr-pm/prpm/github-actions-testing/Gen Agent Trust Hub

github-actions-testing

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • Remote Code Execution (CRITICAL): A command pattern bash <(curl ...) was detected targeting an external script. This method is highly dangerous as it executes unverified code directly from the internet.
  • Evidence: Found execution of https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash via bash process substitution.
  • External Downloads (HIGH): The skill references an external repository (rhysd/actionlint) that is not included in the 'Trusted External Sources' list. Using unverified third-party scripts at runtime poses a significant supply chain risk.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:42 PM