Gitea Actions

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated purpose, but it can trigger real Gitea/Forgejo automation using an API token without enough warning, scoping, or confirmation guidance.

Install only if you intentionally want an agent to trigger workflows in the configured Gitea/Forgejo instance. Use HTTPS, a short-lived least-privilege token limited to the needed repositories and workflows, and review every dispatch request before allowing it because workflows may deploy code, modify repositories, use secrets, or call external systems.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly supports dispatching Gitea/Forgejo Actions workflows but provides no warning that invoking a workflow can execute arbitrary CI/CD jobs with side effects such as deployments, repository modification, secret use, or external API calls. In an agent setting, this omission increases the chance of unsafe use because a caller may treat the skill as a harmless query tool rather than a capability that can trigger privileged automation.

VirusTotal

65/65 vendors flagged this skill as clean.
