setup-checks

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill generates a GitHub Actions workflow that installs the @anthropic-ai/claude-code package from the official NPM registry to perform pull request analysis.
  • [COMMAND_EXECUTION]: The skill executes various Git and GitHub CLI (gh) commands to inspect the repository state, fetch pull request comments, and manage branches and commits during the setup process.
  • [PROMPT_INJECTION]: The skill generates a CI workflow that is susceptible to indirect prompt injection. This occurs because the workflow interpolates untrusted data (pull request diffs and check instructions) directly into the prompt for the AI agent.
  • Ingestion points: The generated .github/workflows/checks.yml reads content from .checks/*.md and /tmp/pr-truncated.diff.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the generated prompt template.
  • Capability inventory: The claude-code CLI used in the workflow is described as a full agent capable of reading files, running commands, and using a web browser.
  • Sanitization: No sanitization or escaping is performed on the file content before it is interpolated into the prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 09:59 AM
Security Audit — agent-trust-hub — setup-checks