github-workflow
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified through the ingestion of external GitHub data.
- Ingestion points: SKILL.md specifies fetching review bodies, inline comments, and issue content.
- Boundary markers: There are no delimiters or specific instructions to treat the fetched content as data rather than instructions.
- Capability inventory: The skill grants the agent the ability to modify source code and execute GitHub CLI commands to manage pull requests and workflows.
- Sanitization: No sanitization or validation mechanisms are defined for the data retrieved from external sources before processing.
Audit Metadata