platform-integration
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous automation templates in Bash, PowerShell, and Python designed to run in CI/CD environments (GitHub Actions, Azure Pipelines) for compliance reporting and enforcement.
- [EXTERNAL_DOWNLOADS]: Documentation references and scripts install standard Python libraries including PyGithub, tabulate, and pytest. It also integrates well-known security and quality services like Snyk and Codecov via their official GitHub Actions.
- [PROMPT_INJECTION]: The skill implements an automated traceability verification workflow that processes untrusted data from Pull Request and Issue descriptions.
- Ingestion points: github-requirements.md (reads github.event.pull_request.body within a GitHub Action runner).
- Boundary markers: Absent; the logic relies on regex pattern matching rather than structured delimiters or explicit instructions to ignore embedded commands.
- Capability inventory: Access to GitHub API and subprocess execution within the CI environment.
- Sanitization: Limited to regex extraction of specific patterns for requirement IDs.
Audit Metadata