meticulous-test

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the meticulous CLI and instructs the agent to run build instructions found within the project's GitHub workflow files.
  • [EXTERNAL_DOWNLOADS]: The skill references GitHub Actions from the alwaysmeticulous GitHub organization to identify project-specific build artifacts.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection as it processes and follows instructions derived from external workflow files.
  • Ingestion points: Instructions and artifact configurations extracted from files in the .github/workflows/ directory.
  • Boundary markers: There are no boundary markers or instructions telling the agent to ignore embedded commands when processing these files.
  • Capability inventory: The agent may execute arbitrary build commands found in workflows or pass extracted data as arguments to the meticulous CLI.
  • Sanitization: The skill does not specify any validation or sanitization steps for the commands or paths extracted from the workflows before they are used in shell execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 01:39 PM
Security Audit — agent-trust-hub — meticulous-test