meticulous-test
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
meticulousCLI and instructs the agent to run build instructions found within the project's GitHub workflow files. - [EXTERNAL_DOWNLOADS]: The skill references GitHub Actions from the
alwaysmeticulousGitHub organization to identify project-specific build artifacts. - [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes and follows instructions derived from external workflow files.
- Ingestion points: Instructions and artifact configurations extracted from files in the
.github/workflows/directory. - Boundary markers: There are no boundary markers or instructions telling the agent to ignore embedded commands when processing these files.
- Capability inventory: The agent may execute arbitrary build commands found in workflows or pass extracted data as arguments to the
meticulousCLI. - Sanitization: The skill does not specify any validation or sanitization steps for the commands or paths extracted from the workflows before they are used in shell execution.
Audit Metadata