github-workflow-standards

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE [PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and process untrusted data from GitHub issues, pull requests, and discussions.
    • Ingestion points: Processes content from github_list_releases, issues, PRs, and community discussions during 'Discovery' and 'Activity Signal' phases.
    • Boundary markers: The document does not specify the use of clear delimiters (e.g., XML tags or triple-quotes) or 'ignore embedded instructions' headers when interpolating retrieved GitHub content into its context.
    • Capability inventory: The agent has the capability to read repository data, post comments, and potentially modify repository state (merge, close, delete) following user confirmation.
    • Sanitization: There are no explicit instructions for sanitizing or filtering malicious instructions that may be embedded in markdown comments or PR descriptions provided by external contributors.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 06:19 PM