github-agentic-workflows
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the gh-aw CLI extension from the official github organization's repository.\n- [PROMPT_INJECTION]: The workflows described in the examples (e.g., Issue Triage, Code Review) ingest untrusted data from GitHub issues and pull requests, which represents an indirect prompt injection surface (Category 8). The skill mitigates these risks by mandating safe-outputs and a read-all permission model.\n
- Ingestion points: Triggers for issues and pull_request events are defined in SKILL.md.\n
- Boundary markers: No specific delimiters are defined in the natural language instruction templates provided in SKILL.md.\n
- Capability inventory: The skill mentions access to the github tool for API interactions, edit for file system changes, and bash for command execution in SKILL.md.\n
- Sanitization: The rules explicitly mandate the use of safe-outputs and safe-inputs configurations in SKILL.md to validate and limit agent behavior.\n- [COMMAND_EXECUTION]: The documentation includes the bash tool for workflow automation but establishes strict rules in SKILL.md to avoid unrestricted access and requires explicit documentation of tool constraints.
Audit Metadata