wrdn-gha-workflows
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides expert-level instructions for auditing GitHub Actions workflows for security vulnerabilities. Its methodology emphasizes tracing execution graphs and trust boundaries, which is a recognized security practice.
- [SAFE]: The permitted tools (Read, Grep, Glob, Bash) are appropriate and expected for a file-scanning and auditing skill.
- [SAFE]: All external references in the documentation point to reputable security research blogs, official GitHub documentation, and government advisories (e.g., CISA, GitHub Security Lab, Wiz, Semgrep) for educational context.
- [SAFE]: The skill includes extensive false-positive controls and defines clear boundaries for what should and should not be reported, indicating a well-designed and legitimate tool.
- [SAFE]: No obfuscation, data exfiltration, credential harvesting, or persistence mechanisms were detected. The skill's behavior is entirely consistent with its stated purpose of improving repository security.