agent-ops-cicd-github

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Obfuscation] (MEDIUM): The skill systematically uses shell variable syntax ($) as a substitute for path separators and delimiters (e.g., .github$workflows, ci$cd, $dev$null). This is a common evasion technique used to bypass path-based security constraints and static analysis filters.
  • [Command Execution] (HIGH): The post_execution hook contains a critical shell injection vulnerability. By using find ... | xargs -I {} sh -c '... cat {} ...', the skill allows for arbitrary command execution if an attacker can control filenames within the repository (e.g., a file named $(evil_command).yml).
  • [Indirect Prompt Injection] (HIGH):
    • Ingestion points: Reads project configuration files (package.json, requirements.txt, go.mod) and existing workflow files during pre_execution and through its core capabilities.
    • Boundary markers: None present.
    • Capability inventory: Full Bash, Write, Edit, and MultiEdit permissions.
    • Sanitization: None. The skill processes external filenames and content directly into shell environments without validation or escaping.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:56 AM