create-github-action

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local scaffolding script (scaffold_github_action.py). This script generates GitHub Action YAML files within the project's repository based on user-supplied parameters.
  • [EXTERNAL_DOWNLOADS]: The workflows generated by the skill reference various official and community GitHub Actions, such as actions/checkout, actions/setup-python, and aquasecurity/trivy-action. These are standard, well-known resources within the GitHub Actions ecosystem and are used as intended for CI/CD automation.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through user-provided input.
      • Ingestion points: User input collected during the 'Guided Discovery' phase in SKILL.md, specifically the name of the workflow.
      • Boundary markers: Absent; there are no delimiters or instructions to the agent to treat the user-provided name as untrusted data.
      • Capability inventory: The skill has the capability to write files to the .github/workflows/ directory via the scaffold_github_action.py script and the Write tool.
      • Sanitization: Absent; the scaffold_github_action.py script performs direct string interpolation of the --name argument into the YAML template without sanitizing for newlines or YAML control characters, allowing for potential structure manipulation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 06:08 PM