analyze-github-action-logs

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches workflow logs from GitHub's infrastructure using the gh CLI tool. This targets a well-known service to retrieve diagnostic data.
  • [COMMAND_EXECUTION]: Executes system commands including gh run list, gh run view, and grep to interact with GitHub Actions and process retrieved log files. These operations are standard for the skill's purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub Action logs.
      * Ingestion points: External workflow logs are downloaded to /tmp/actions-run-<run_id>.log and read by subagents.
      * Boundary markers: The skill searches for logical boundaries (e.g., [flue] skill) but does not provide subagents with explicit instructions or delimiters to disregard natural language commands found within the logs.
      * Capability inventory: The skill utilizes the gh CLI and the ability to spawn subagents to perform analysis.
      * Sanitization: No sanitization or escaping of the log content is performed before the data is passed to subagents for interpretation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 06:12 PM