workflow-audit
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides structured instructions for performing security audits on GitHub Actions workflow files. It identifies high-risk patterns like script injection from untrusted event data and recommends secure alternatives such as using environment variables.
- [EXTERNAL_DOWNLOADS]: The skill references the anthropics/claude-code-action repository for auditing purposes. This is an official repository from a well-known organization and is handled as a trusted reference.
- [COMMAND_EXECUTION]: The audit process involves reading and parsing local .yml files within the .github/workflows/ directory. These are standard read operations for a diagnostic tool and do not involve executing untrusted code.
- [PROMPT_INJECTION]: No prompt injection or behavior override patterns were detected. The instructions are clearly scoped to the auditing task.
Audit Metadata