github-actions

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate tool designed to improve CI/CD security. It follows best practices by recommending action pinning and explicit permissions, and its tool use is scoped to GitHub CLI.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it ingests and processes untrusted GitHub Actions workflow files during audit operations. This is an inherent property of auditing tools and is mitigated by the restricted execution environment.
    • Ingestion points: .github/workflows/*.yml files.
    • Boundary markers: None present to isolate untrusted workflow content.
    • Capability inventory: File system access (Read, Write, Grep) and Bash restricted to the gh command.
    • Sanitization: No sanitization or escaping of workflow content before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 08:17 PM