github-actions-gen
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface as it processes external, potentially untrusted project files to drive its file-generation logic.
  - Ingestion points: The skill reads project configuration files such as package.json, requirements.txt, go.mod, and Cargo.toml from the user's project directory (SKILL.md).
  - Boundary markers: There are no defined delimiters or specific instructions to the agent to disregard embedded natural language instructions within the project files being analyzed.
  - Capability inventory: The skill is designed to write executable YAML workflow files to the .github/workflows/ directory, which could lead to malicious code execution if the generation logic is compromised.
  - Sanitization: The instructions do not specify any validation or sanitization steps for the data extracted from project files before it is interpolated into the workflow templates.
Audit Metadata