action-audit
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill's primary purpose is to perform read-only auditing of GitHub workflow files to ensure Actions are pinned to secure hashes.
- [SAFE]: It contains explicit restrictions prohibiting file modifications and mutating API calls (e.g., POST, DELETE), using only GET requests through the GitHub CLI.
- [SAFE]: All external communications are conducted via the official GitHub CLI targeting a well-known service (github.com).
- [PROMPT_INJECTION]: The skill processes untrusted data (content from GitHub workflow files) which presents a surface for indirect prompt injection.
- Ingestion points: Workflow references are read from repo files in Step 2.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the parsed content.
- Capability inventory: The skill uses
Bashandghtools for search and API interaction. - Sanitization: No specific sanitization of fetched Action references is defined before presenting them to the user. The risk is mitigated by the tool's limited reporting scope and human-in-the-loop SHA verification.
Audit Metadata