Agentic Actions Auditor by @trailofbits

Guides end-to-end execution of Agentic Actions Auditor workflow routines.

trailofbits-skillsagentic-actions-auditor

Guides end-to-end execution of Agentic Actions Auditor workflow routines.

A. Env Var Intermediary -- Attacker data flows through env: blocks to AI prompt fields with no visible ${{ }} expressions.

B. Direct Expression Injection -- ${{ github.event.* }} expressions embedded directly in AI prompt fields.

C. CLI Data Fetch -- gh CLI commands in prompts fetch attacker-controlled content at runtime.

SKILL.md

Loading tree...

Loading files...