agentic-actions-auditor
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches workflow file listings and content from GitHub using the official `gh` CLI. This targets a well-known service and is necessary for the skill's auditing function.
- [COMMAND_EXECUTION]: Uses the `gh` command-line tool for GitHub API interactions. It includes a dedicated section on 'Bash Safety Rules' that explicitly forbids executing or piping any fetched data to interpreters, which serves as a safeguard against the execution of untrusted content.
- [DATA_EXFILTRATION]: Network activity is restricted to authenticated requests to GitHub's official API for retrieving repository metadata and workflow files. There are no patterns suggesting the exfiltration of sensitive local data or credentials.
- [PROMPT_INJECTION]: The skill is designed to identify prompt injection vulnerabilities in other workflows but does not contain any instructions that attempt to override the AI agent's own safety protocols or system prompts.
Audit Metadata