github-workflow-automation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the `ruv-swarm` and `claude-flow` packages from the npm registry at runtime using `npx` to facilitate swarm-based workflow coordination. These are identified as vendor-owned resources from 'ruvnet'.
- [COMMAND_EXECUTION]: Utilizes the GitHub CLI (`gh`) and shell commands to manage repository resources, including creating issues, managing pull requests, and dynamically generating GitHub Action workflow files.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and processes untrusted data from external sources.
  - Ingestion points: Reads pull request data via `gh pr view`, analyzes repository content for stack detection, and parses logs from failed GitHub Action runs.
  - Boundary markers: The provided workflow examples do not include explicit delimiters or instructions to ignore potential commands embedded in analyzed data.
  - Capability inventory: The skill has the ability to execute shell commands, create GitHub issues and pull requests, and generate or modify workflow files on the filesystem.
  - Sanitization: No explicit sanitization of external input or validation of agent-generated code is documented before it is used in command execution or file writing.