security-incident-response
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads a specialized security scanner from the official Snyk Labs GitHub repository to perform deep analysis of GitHub Actions workflows. Snyk is a well-known security research organization, and this behavior is consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: As a security analysis tool, the skill is designed to ingest and process untrusted external content, including source code, configuration files, and vulnerability advisories, which constitutes an indirect prompt injection surface.
  - Ingestion points: The agent reads project manifest files (e.g., package.json, pyproject.toml, go.mod), CI/CD workflow definitions (.github/workflows/*.yml), and external security research text into its context.
  - Boundary markers: The instructions guide the agent to distinguish confirmed exposure from unverified evidence, although it does not specify technical delimiters (like XML tags) for the ingested data.
  - Capability inventory: The skill possesses capabilities for file system discovery (find), file reading (cat, rg), network access via the GitHub CLI (gh api), and the ability to execute various local security auditing binaries.
  - Sanitization: The skill explicitly mandates safety-first approaches, such as using --ignore-scripts during dependency audits and prioritizing static inspection over the execution of untrusted project code.
Audit Metadata