generate-github-workflow
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues detected.
- [COMMAND_EXECUTION]: The skill generates GitHub Actions YAML files but does not execute arbitrary shell commands itself. It specifically instructs the agent to avoid hardcoded secrets and to use placeholders for unknown commands, ensuring safety.
- [EXTERNAL_DOWNLOADS]: The skill references official and well-known GitHub Actions (e.g.,
actions/checkout,actions/setup-go,docker/login-action). These references are for the purpose of workflow generation and do not involve the skill downloading or executing untrusted code at runtime. - [PROMPT_INJECTION]: No evidence of prompt injection or instructions to bypass safety guidelines was found. The skill contains detailed self-check and acceptance criteria to ensure its output remains within secure boundaries.
Audit Metadata