agentic-actions-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate security auditing tool developed by a recognized security research vendor (Trail of Bits). It provides structured guidance and detection logic for analyzing GitHub Actions workflows.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the GitHub API (gh api) for fetching remote workflow contents. It includes explicit 'Bash Safety Rules' that instruct the agent to treat all fetched content as data and never execute it, mitigating risks of command injection from malicious repository names or filenames.
- [EXTERNAL_DOWNLOADS]: The skill fetches remote workflow configuration files from github.com. This is a well-known technology service, and the downloads are necessary for the skill's primary function of remote repository auditing.
- [DATA_EXFILTRATION]: The skill processes repository data locally or via API to generate security reports for the user. There are no patterns indicating the exfiltration of sensitive data to unauthorized third-party domains.
- [PROMPT_INJECTION]: The skill instructions do not contain any attempts to override agent behavior, bypass safety filters, or extract system prompts. It uses standard instructional language to guide the auditing process.
Audit Metadata