fix-tests
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of CI logs and artifacts.
  - Ingestion points: The agent reads potentially untrusted data from CI logs via `gh run view --log-failed` and downloaded artifacts (e.g., `playwright-report`, `logcat.txt`) using `agentTool downloadArtifact`.
  - Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between its own instructions and potentially malicious commands embedded within the logs it analyzes.
  - Capability inventory: The agent has significant capabilities including executing local build/test commands (`pnpm`), running mobile debugging tools (`adb`), and modifying the repository followed by `git commit` and `git push` operations.
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from logs or artifacts before the agent processes it to determine its next actions.
Audit Metadata