The Agent Skills Directory

SAFE (SAFE): The skill instructions and referenced templates are well-structured and adhere to the stated purpose of GitHub Actions automation. No malicious behaviors such as prompt injection, exfiltration, or persistence were found.\n- COMMAND_EXECUTION (SAFE): The use of the Bash tool is limited to benign file system inspection (ls, cat, mkdir) and git metadata retrieval (git branch), which are essential for identifying the project stack and current configuration.\n- DATA_EXFILTRATION (SAFE): No sensitive file access or unauthorized network requests were detected. The templates correctly use GitHub's secret management syntax (e.g., ${{ secrets.GITHUB_TOKEN }}) rather than hardcoded credentials.\n- EXTERNAL_DOWNLOADS (SAFE): While the generated templates reference third-party GitHub Actions (such as trufflehog and setup-uv), these are industry-standard tools from reputable sources and do not affect the security of the skill's own execution environment.

github-actions-expert