github-actions
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill audits content from repository workflow files, which are external and untrusted sources, creating a potential surface for indirect prompt injection. * Ingestion points: Reads and parses all files matching .github/workflows/*.yml. * Boundary markers: No explicit delimiters or instructions to ignore embedded instructions within the ingested files are present. * Capability inventory: Includes file reading, file writing (auto-fix functionality), and command execution via the GitHub CLI. * Sanitization: No specific input validation or sanitization of content extracted from audited workflows is mentioned.
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh api) to fetch commit SHAs. This involves executing system commands with parameters (owner, repository, and tag names) that are derived from the analyzed workflow files.
Audit Metadata