GitHub Actions
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is designed for GitHub Actions automation and interacts with trusted domains (github.com, api.github.com) for its primary purpose.
- [SAFE]: Instructions explicitly forbid requesting or storing sensitive credentials like Personal Access Tokens or cloud keys in the agent context.
- [SAFE]: The security model provided in the skill promotes industry-standard practices, including minimizing workflow permissions and using GitHub Environments for deployment gates.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external repository data and logs.
  - Ingestion points: The skill reads repository metadata, workflow files, and run logs (e.g., via `gh run view --log-failed`).
  - Boundary markers: There are no explicit instructions to use delimiters or ignore instructions embedded in the logs being analyzed.
  - Capability inventory: The skill can draft and modify workflow files and execute CLI commands using tools like `gh` and `act`.
  - Sanitization: No sanitization or filtering of content from external logs or files is mentioned.
Audit Metadata