cicd-architecture-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill ingests and processes untrusted data in the form of GitHub Actions workflow YAML files provided by users.
  - Ingestion points: User-provided .yml and .yaml workflow files (referenced in SKILL.md).
  - Boundary markers: None identified. The skill does not use specific delimiters to separate user data from its internal processing instructions.
  - Capability inventory: The skill has the capability to generate complete, executable YAML workflow files based on its analysis, which could be used to propagate malicious logic if the input is manipulated.
  - Sanitization: The skill lacks explicit sanitization or validation steps for the content of the ingested YAML files.
Audit Metadata