pipeline-security

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: No malicious instructions detected. The skill includes a proactive 'Prompt Injection Safety Notice' that explicitly directs the agent to treat text like 'ignore previous instructions' or role-play attempts found in target files as data to be analyzed rather than commands to be followed.
  • [DATA_EXFILTRATION]: The skill does not possess data exfiltration capabilities. It is restricted to 'Read', 'Grep', and 'Glob' tools and lacks network access. Additionally, it contains instructions to redact any sensitive credentials discovered during the assessment process.
  • [INDIRECT_PROMPT_INJECTION]: While the skill's primary purpose is to process untrusted third-party CI/CD configurations, the risk of indirect injection is effectively mitigated:
      • Ingestion points: CI/CD configuration files (e.g., .github/workflows/*.yml) ingested via the 'Read' tool.
      • Boundary markers: The instructions include a dedicated safety section defining how to handle adversarial content in data.
      • Capability inventory: Limited to file discovery and content analysis (Glob, Grep, Read); no shell execution or network tools available.
      • Sanitization: Instructions mandate the redaction of secrets and prohibit the execution of code expressions found in the analyzed configuration files.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns or external dependency downloads were identified. The skill operates entirely on local repository files.
  • [COMMAND_EXECUTION]: The skill uses 'Grep' for pattern matching but does not execute the files it analyzes or use shell subprocesses for arbitrary commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 12:28 AM
Security Audit — agent-trust-hub — pipeline-security