github-actions
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is designed specifically to improve the security posture of GitHub repositories. It provides detailed references for mitigating common CI/CD security risks.
- [PROMPT_INJECTION]: No malicious prompt injection or bypass attempts were detected. The instructional language used (e.g., 'Always run this phase', 'Do NOT use for...') is standard for defining the operational scope and logic of an AI agent task.
- [DATA_EXFILTRATION]: No exfiltration patterns were found. The skill explicitly warns against hardcoding secrets and provides guidance on using GitHub Secrets and environment variables securely.
- [INDIRECT_PROMPT_INJECTION]: While the skill ingests untrusted data from repository files (manifests, existing workflows), it includes mandatory security hardening rules to prevent injection. These include using environment variables for shell evaluation and using the 'github-script' action for complex logic.
  - Ingestion points: Project manifest files (package.json, pyproject.toml, etc.) and existing .github/workflows/*.yml files.
  - Boundary markers: Recommends using environment variables to encapsulate untrusted data.
  - Capability inventory: Reading repository files and writing YAML workflow files to the filesystem.
  - Sanitization: Provides a dedicated 'Security Hardening Guide' (references/security-hardening.md) covering script injection and supply chain security.
- [EXTERNAL_DOWNLOADS]: The skill mentions several third-party GitHub Actions (e.g., 'dorny/paths-filter', 'Swatinem/rust-cache', 'google-github-actions/auth'). All referenced actions and organizations (GitHub, AWS, Azure, Google, Vercel, Netlify) are well-known and trusted providers. The skill correctly recommends pinning these actions to immutable commit SHAs.
Audit Metadata