ci-cd-and-automation

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill describes a pattern of feeding CI failure output back to the agent so it can fix the failure automatically. That is an indirect prompt injection surface: logs produced during a build or test run, especially from untrusted external pull requests, can contain text crafted to look like instructions and to steer the agent's subsequent code modifications or command executions.
  • Ingestion points: CI failure logs pasted into the agent context (SKILL.md).
  • Boundary markers: Absent; the skill does not recommend delimiters or a protective instruction around pasted logs that tells the agent to treat them as data rather than as directions.
  • Capability inventory: The agent is empowered to run npm run lint --fix, modify types, fix tests, and perform git operations.
  • Sanitization: Absent; the agent is expected to process raw failure output (including ANSI escapes, arbitrary length, and any text a test or build step chose to print).
  • [COMMAND_EXECUTION]: The skill provides numerous example shell commands for building, testing, and deploying code using standard tooling such as npm, npx, and the Vercel CLI. While standard for the domain, these represent the capabilities available to the agent; combined with the injection surface noted above, a log line that persuades the agent to run a deploy or git command is the realistic abuse path.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 07:42 PM