Skills
skills/andreacovelli/my-skills/github-actions-workflows/Gen Agent Trust Hub

github-actions-workflows

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No malicious injection patterns detected. The instructions follow standard operational guidance for workflow management.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials found. The skill explicitly promotes security best practices, such as using GITHUB_TOKEN and OIDC instead of long-lived credentials.
  • [DATA_EXFILTRATION]: No exfiltration patterns found. The skill's instructions actually warn against exposing secrets to untrusted code paths.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform remote code execution. It contains guidelines for reviewing third-party actions and warns against executing untrusted code in high-privilege workflows like pull_request_target.
  • [EXTERNAL_DOWNLOADS]: Links provided in references/sources.md point to official GitHub documentation (docs.github.com), which are well-known and trusted sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:43 PM
Security Audit — agent-trust-hub — github-actions-workflows