github-action-gen

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs users to execute the 'ai-github-action' package using npx. This process involves downloading and running code directly from the NPM registry. The package is maintained by LXGIC Studios, which is not included in the trusted vendors list.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands (npx) and the use of the '--install' flag, which may trigger additional package installations or system modifications during the workflow generation process.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8).
      • Ingestion points: The tool accepts natural language descriptions (e.g., 'test and deploy on push to main') from the user via the SKILL.md instructions.
      • Boundary markers: There are no boundary markers or instructions to the AI to ignore malicious commands embedded within the user's workflow description.
      • Capability inventory: The generator creates GitHub Actions YAML files, which are high-privilege configurations capable of executing arbitrary commands and accessing repository secrets in CI/CD environments.
      • Sanitization: No input validation or sanitization mechanisms are described to prevent the AI from generating malicious workflow steps based on attacker-crafted descriptions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 05:14 AM