github-agentic-workflows
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The troubleshooting documentation includes a link to an official installation script from the GitHub organization repository (https://raw.githubusercontent.com/github/gh-aw/main/install-gh-aw.sh). This is provided as an alternative setup method for the workflow extension.
- [REMOTE_CODE_EXECUTION]: The skill documents an installation procedure using the curl | bash pattern to fetch and run a script from a trusted repository owned by the official GitHub organization. This is a standard procedure for installing the referenced developer tools.
- [COMMAND_EXECUTION]: The skill facilitates the execution of various CLI commands via the gh tool and its extensions to initialize, compile, and validate agentic workflows. It also executes a local Node.js script (scripts/find-gh-aw-targets.mjs) to identify relevant files within the workspace.
- [SAFE]: The included Node.js script performs local file discovery and scanning to identify workflow indicators. It operates entirely within the local file system using built-in modules and does not perform any network activity or unauthorized data access.
Audit Metadata