gh-aw
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute `gh aw` CLI commands for compiling workflows and checking status. These operations are standard for the tool's lifecycle and are accompanied by instructions to run security-focused linters like `actionlint`, `zizmor`, and `poutine`.
- [EXTERNAL_DOWNLOADS]: The skill references external documentation and MCP server configurations. All referenced URLs target either the vendor's own domain (prowler.com) or a trusted organization's domain (github.github.com), which is documented neutrally as per the analysis guidelines.
- [PROMPT_INJECTION]: The skill proactively addresses prompt injection risks by instructing the agent to never pass raw event data directly and instead use sanitized outputs. This demonstrates a defensive posture rather than an injection vulnerability.
- [SAFE]: The skill includes comprehensive security hardening sections, such as 'Defense-in-Depth Layers' and 'Safe Outputs', which guide the user to implement least-privilege access and threat detection prompts.
Audit Metadata