agent-workflow-automation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'Bash' tool and the GitHub 'gh' CLI to perform repository management tasks and workflow automation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and processes external data from GitHub PRs and commits.
  - Ingestion points: Data such as PR descriptions, commit messages, and repository file contents are fetched using the 'gh' CLI and used to drive automation.
  - Boundary markers: The provided templates lack explicit boundary markers or instructions to disregard embedded commands in the processed text.
  - Capability inventory: The skill has significant permissions, including 'Bash' execution, file modification ('Write', 'Edit'), and the ability to create and trigger GitHub workflows.
  - Sanitization: There is no evidence of data sanitization or validation for the content retrieved from external GitHub sources.
- [EXTERNAL_DOWNLOADS]: The skill executes 'npx ruv-swarm', which dynamically downloads and runs code from a Node.js package. This resource is associated with the skill's author.
Audit Metadata