github-actions
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (NO_CODE, PROMPT_INJECTION)
Full Analysis
- [NO_CODE] (SAFE): The file SKILL.md contains only descriptive text, best practices, and configuration examples. It does not include any executable scripts, tool definitions, or shell commands.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because its purpose is to analyze untrusted external data (GitHub Actions workflow files).
  - Ingestion points: Workflow files provided by users or fetched from repositories for review.
  - Boundary markers: Not present; the skill does not define specific delimiters to separate untrusted code from instructions.
  - Capability inventory: None; this skill does not define subprocess calls, file writes, or network operations.
  - Sanitization: None; the skill lacks logic to sanitize or escape the content of the workflows it reviews.