agentic-actions-auditor

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary function is to process untrusted workflow and action configuration files from GitHub, which creates an attack surface for indirect prompt injection.
  • Ingestion points: Workflow files are fetched via gh api (Step 0) and local files are read using the Read tool (Step 1).
  • Boundary markers: The instructions do not define clear delimiters around the fetched YAML content, nor do they direct the agent to ignore any instructions embedded in that content when processing it.
  • Capability inventory: The agent uses Bash, Read, Grep, and Glob to process repository contents.
  • Sanitization: The skill contains explicit 'Bash Safety Rules' that strictly forbid the agent from piping or executing the fetched content, providing a strong defense against remote code execution.
  • [EXTERNAL_DOWNLOADS]: The skill uses the official GitHub CLI to fetch configuration and code samples from the well-known GitHub service.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 05:15 PM