github-workflow

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks. It is designed to read and act upon data from external sources like GitHub PR comments, issue descriptions, and workflow logs. A malicious actor could embed instructions within these fields to trick the agent into performing unauthorized repository actions or bypassing internal logic.
  • Ingestion points: Untrusted data enters via gh pr (comments/bodies), gh issue, and gh run (logs).
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands in the processed text.
  • Capability inventory: The skill utilizes the gh CLI which has extensive permissions to mutate repository state, manage releases, and execute workflows.
  • Sanitization: No evidence of input validation or sanitization is present in the skill instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 03:11 AM
Security Audit — agent-trust-hub — github-workflow