github-actions-hardened

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No malicious prompt injection patterns were found. The skill contains instructions to guide the agent in generating secure code, but does not attempt to override system safety guidelines or bypass restrictions.
  • [DATA_EXFILTRATION]: The skill does not contain any patterns for exfiltrating sensitive data. It correctly recommends the use of GitHub Secrets and OIDC (OpenID Connect) for secure credential handling instead of hardcoding sensitive information.
  • [REMOTE_CODE_EXECUTION]: The skill does not perform or encourage remote code execution in the agent's environment. It references well-known and official GitHub Actions (e.g., actions/checkout, docker/build-push-action) which are standard for the intended use case of CI/CD workflow generation.
  • [COMMAND_EXECUTION]: The skill includes examples of shell commands within GitHub Actions (e.g., npm test, docker login). However, it provides specific security guidance to prevent command injection by instructing the agent to pass untrusted input (like PR titles) through environment variables rather than direct string interpolation.
  • [INDIRECT_PROMPT_INJECTION]: The skill addresses the risk of indirect prompt injection in the workflows it generates. It identifies attacker-controllable contexts (e.g., github.event.issue.title) and provides explicit sanitization patterns (using env blocks) to ensure that untrusted data is treated as data rather than executable shell code.
  • Ingestion points: User-provided metadata for workflow generation (e.g., project name, branch names).
  • Boundary markers: The skill encourages explicit environment variable scoping to separate data from execution.
  • Capability inventory: The agent generates YAML configuration files; it does not execute the resulting workflows.
  • Sanitization: Includes a dedicated 'Common Anti-Patterns' section that teaches the agent to sanitize input via environment variables to prevent script injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 02:53 PM
Security Audit — agent-trust-hub — github-actions-hardened