github-action-gen

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8).
  • Ingestion points: The description parameter in src/cli.ts (via generateWorkflow) accepts arbitrary user-provided text that is directly interpolated into the LLM prompt.
  • Boundary markers: The system prompt in src/index.ts does not use delimiters or explicit instructions to treat the user description as untrusted content.
  • Capability inventory: The skill uses fs.writeFileSync in src/cli.ts to write generated content to the filesystem, specifically targeting the .github/workflows/ directory or paths specified via the output option.
  • Sanitization: There is no validation or sanitization of the LLM's output before it is written to the filesystem, allowing potentially malicious workflows to be created if the AI is successfully injected.
Audit Metadata

Risk Level: SAFE

Analyzed: Mar 4, 2026, 02:22 AM