create-github-action
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs local file generation using Python scripts that utilize only the standard library. No malicious code or unauthorized system access was identified during the analysis of the provided scripts.
- [COMMAND_EXECUTION]: The skill executes internal Python scripts to scaffold workflows. These scripts use safe parsing techniques (argparse) and do not execute arbitrary shell commands with user-provided strings, effectively mitigating common injection vectors.
- [EXTERNAL_DOWNLOADS]: Templates within the skill generate workflows that reference standard CI/CD tools and actions from well-known and trusted providers such as GitHub (e.g., actions/checkout, github/codeql-action) and npm (e.g., @github/copilot). These downloads are documented as part of the intended CI/CD output and originate from trusted sources.
- [PROMPT_INJECTION]: The skill does not contain instructions that attempt to override AI safety filters or exfiltrate system prompts. Evaluation cases in the skill specifically test for and confirm the refusal to process malicious script injections.
- [DATA_EXFILTRATION]: No patterns for unauthorized data access or network transmission of sensitive information were found. The skill does not interact with the network during the scaffolding process.
Audit Metadata