cicd-automation-workflow-automate

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): The skill uses standard role-setting instructions without any attempt to bypass safety filters or override system constraints.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The instructions explicitly advise treating secrets as high risk.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any external downloads or package installations. It references a local resource file for additional patterns.
  • Indirect Prompt Injection (LOW): The skill interpolates user-provided data via the $ARGUMENTS variable and processes CI/CD configurations. While this presents an attack surface for indirect injection, the skill lacks the dangerous capabilities (like automated execution of generated scripts) required to facilitate an exploit.
  • Command Execution & Privilege Escalation (SAFE): No shell commands, administrative overrides, or persistence mechanisms are present in the provided instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:06 PM