agentic-actions-auditor
Warn
Audited by Socket on Mar 18, 2026
1 alert found:
Anomaly (LOW): references/vector-e-error-log-injection.md
This document describes a real and credible supply-chain attack vector (Vector E) that enables prompt injection via attacker-controlled CI/build/test logs passed into AI-driven workflow steps. The artifact itself is not malicious code, but it identifies a vulnerability pattern that can be exploited when workflows interpolate raw CI output into AI prompts (e.g., via ${{ github.event.inputs.error_logs }} or ${{ steps.*.outputs.* }}). Projects that feed full build/test logs into AI actions to 'fix' failures are at significant risk and should sanitize, limit, or avoid passing untrusted logs into prompts and should restrict what automated AI actions can commit or run.
Confidence: 90%
Severity: 60%
Audit Metadata