github-workflow-automation
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses the GitHub CLI (`gh`) and Git to manage repository operations, including creating issues, commenting on pull requests, and viewing run logs.
- [EXTERNAL_DOWNLOADS]: The skill relies on `npx` to fetch and execute `ruv-swarm` and `claude-flow@alpha`. These are vendor-owned resources associated with the author 'ruvnet' and are used for core functionality.
- [REMOTE_CODE_EXECUTION]: The use of `npx` to run remote packages like `ruv-swarm` constitutes dynamic execution of external code. While these are vendor resources, the mechanism involves fetching and running code at runtime.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection due to its interaction with untrusted external data.
  - Ingestion points: The skill ingests data from pull request views (`gh pr view`), workflow run details (`gh run view`), and repository codebases.
  - Boundary markers: There are no explicit delimiters or 'ignore' instructions implemented in the provided command examples to prevent the agent from obeying instructions embedded in PR descriptions or issue bodies.
  - Capability inventory: The skill has broad capabilities, including executing shell commands via `npx`, creating GitHub issues, and posting pull request comments.
  - Sanitization: The provided examples do not demonstrate any sanitization, filtering, or validation of the data retrieved from GitHub before it is processed by the AI swarm.
Audit Metadata