building-cicd-configs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to run `brew install actionlint`, downloading software from an unverified external source at runtime.
- REMOTE_CODE_EXECUTION (HIGH): It uses `npx yaml-lint` to fetch and execute code directly from the npm registry, which allows for arbitrary code execution if the package is compromised.
- COMMAND_EXECUTION (HIGH): The skill relies on shell commands like `ls`, `npm pkg get`, and `brew` to inspect the local filesystem and install tools.
- PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection.
  - Ingestion points: The agent reads project-controlled data via `npm pkg get scripts` and directory listings via `ls`.
  - Boundary markers: No delimiters or instructions are provided to the agent to distinguish between project data and its own logic.
  - Capability inventory: The skill can write sensitive CI/CD configuration files (GitHub Actions, GitLab CI) and execute local shell commands.
  - Sanitization: No validation or escaping is performed on the extracted project data; a malicious project could contain script names or file structures designed to trick the agent into injecting unauthorized steps or exfiltration commands into the generated YAML configurations.
Recommendations
- AI detected serious security threats
Audit Metadata