Skills
skills/tartinerlabs/skills/workflows/Gen Agent Trust Hub

workflows

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external content (workflow files) and has high-privilege write and execution capabilities, creating a significant attack surface.
  • Ingestion points: The skill reads all files matching .github/workflows/*.yml during its audit phase.
  • Boundary markers: There are no explicit markers or instructions to isolate the data in the YAML files from the agent's core instructions.
  • Capability inventory: The skill is granted Edit, Write, Bash(gh), and Bash(git) tools, allowing it to modify code and interact with the GitHub API.
  • Sanitization: No evidence of sanitization or validation of the YAML content is provided before it is used to drive tool execution.
  • Command Execution (LOW): The skill utilizes Bash(gh) and Bash(git) to perform its functions. While these are restricted to specific binaries, they are used to execute commands (like gh api) with parameters derived directly from untrusted workflow files (such as action tags and repository paths).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:57 AM