workflow-management

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill demonstrates patterns for processing external data retrieved from GitHub Actions (such as workflow IDs, branch names, and job logs) and using them in subsequent shell commands. • Ingestion points: Untrusted data enters the context through commands like gh run list and gh api, which fetch details from potentially attacker-controlled repositories. • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or sanitize embedded instructions within the logs or metadata of the workflows being processed. • Capability inventory: The skill utilizes powerful CLI tools including gh, jq, xargs, and shell control structures to perform actions based on the ingested data, such as triggering new workflows or deleting existing ones. • Sanitization: No sanitization or validation steps are shown for the variables (e.g., $RUN_ID, $BRANCH) before they are interpolated into executable shell strings.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the GitHub CLI (gh) and system utilities (jq, xargs, date) to interact with remote repositories and perform management tasks. While these are legitimate tools, the automation patterns provided allow for destructive operations like bulk deletion and job reruns.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading logs and build artifacts directly from GitHub repositories using official CLI commands and API endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 11:41 PM
Security Audit — agent-trust-hub — workflow-management