gha-lint
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains instructions to install actionlint using 'bash <(curl ...)', a pattern that fetches and executes a script directly from a remote GitHub repository ('rhysd/actionlint'). This is a high-risk practice because it executes unverified code in the user's environment, bypassing integrity checks.
- [EXTERNAL_DOWNLOADS]: The skill references several third-party GitHub Actions and tools from repositories such as 'suzuki-shunsuke/pinact-action' and 'zizmorcore/zizmor-action'. While some use pinned commit SHAs, these sources are not from the pre-approved trusted vendor list, representing an external dependency on third-party code.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes workflow files that could contain malicious instructions from untrusted contributors. Ingestion points: Reads all files under '.github/workflows/' for analysis. Boundary markers: No specific instructions or delimiters are provided to the agent to treat workflow content as untrusted data. Capability inventory: Executes shell commands and package management tasks (nix run, bash). Sanitization: There is no evidence of sanitization or content validation before the workflow data is passed to the analysis tools.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata