Skills
skills/levnikolaevich/claude-code-skills/ln-732-cicd-generator/Gen Agent Trust Hub

ln-732-cicd-generator

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from untrusted local files to populate template variables.
  • Ingestion points: Reads configuration from package.json, requirements.txt, pyproject.toml, and *.csproj files (SKILL.md).
  • Boundary markers: None identified; the skill directly interpolates detected versions and paths into templates.
  • Capability inventory: The agent is instructed to create directories and write files (.github/workflows/ci.yml) based on these inputs (SKILL.md).
  • Sanitization: The skill mentions 'Validate YAML syntax' as a quality criterion, but does not specify input validation or escaping for the interpolated variables.
  • [EXTERNAL_DOWNLOADS]: The skill fetches template files from a remote repository if they are not present in the local environment.
  • Evidence: 'fetch files via WebFetch from https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/{path}' (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 10:01 PM