when-automating-github-actions-use-workflow-automation

Warn

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes frequent use of shell commands and local scripts to perform its tasks. It references several scripts that are not provided in the skill files, including scripts/project-analyzer.sh, scripts/workflow-generator.sh, scripts/workflow-validator.sh, scripts/workflow-analytics.sh, and scripts/github-api.sh. These scripts are executed via bash and handle sensitive operations like repository analysis and API interaction.
  • [EXTERNAL_DOWNLOADS]: The skill instructions frequently invoke npx claude-flow@alpha. This command downloads and executes the claude-flow package from the npm registry at runtime. Using an alpha-stage package from a public registry introduces a supply chain risk, as the code is subject to change and its provenance is not verified within the skill.
  • [DATA_EXFILTRATION]: The skill utilizes scripts/github-api.sh to create pull requests and fetch workflow run data. This involves transmitting project information and potentially sensitive workflow logs to GitHub's infrastructure. It also manages secrets via an .secrets file when using the act tool for local testing.
  • [REMOTE_CODE_EXECUTION]: The use of npx to run remote packages combined with the execution of multiple unverified local shell scripts grants the skill significant control over the host environment. The logic involves dynamic task orchestration where agents can spawn further processes.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect injection as it ingests and processes external data such as project structures, third-party workflow templates, and GitHub API responses (logs/metrics). While it includes some validation steps (e.g., workflow-validator.sh), the ingestion of untrusted external content remains an attack vector.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 26, 2026, 03:21 AM
Security Audit — agent-trust-hub — when-automating-github-actions-use-workflow-automation