trailofbits-agentic-actions-auditor
Trail of Bits skill auditing GitHub Actions workflows for AI-agent integration security flaws.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for trailofbits-agentic-actions-auditor, derived from its capabilities.
AIVSS 7.1 · High
Overview
Security skill that audits GitHub Actions workflows for vulnerabilities in AI-agent integrations (Claude Code Action, Gemini CLI, OpenAI Codex, GitHub AI Inference), detecting attack vectors where attackers can hijack agent runs. Analyzes workflow YAML as its file surface.
Key features
- CI AI-agent integration audit
- Prompt-injection/attack-vector detection
- Covers Claude/Gemini/Codex actions
Use cases
- Securing CI AI agents
- Reviewing GitHub Actions for agent hijack