setup-checks
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill generates a GitHub Actions workflow that installs the
@anthropic-ai/claude-codepackage from the official NPM registry to perform pull request analysis. - [COMMAND_EXECUTION]: The skill executes various Git and GitHub CLI (
gh) commands to inspect the repository state, fetch pull request comments, and manage branches and commits during the setup process. - [PROMPT_INJECTION]: The skill generates a CI workflow that is susceptible to indirect prompt injection. This occurs because the workflow interpolates untrusted data (pull request diffs and check instructions) directly into the prompt for the AI agent.
- Ingestion points: The generated
.github/workflows/checks.ymlreads content from.checks/*.mdand/tmp/pr-truncated.diff. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the generated prompt template.
- Capability inventory: The
claude-codeCLI used in the workflow is described as a full agent capable of reading files, running commands, and using a web browser. - Sanitization: No sanitization or escaping is performed on the file content before it is interpolated into the prompt.
Audit Metadata