skills/b-open-io/prompts/wait-for-ci/Gen Agent Trust Hub

wait-for-ci

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external CLI tools including gh (GitHub), glab (GitLab), and vercel to monitor pipeline status and retrieve logs. These tools are expected given the skill's purpose and are executed using parameters derived from the local git environment.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It retrieves the last 30 lines of logs from failed CI runs and presents them to the agent for debugging. Since logs can contain arbitrary output from the code being tested, a malicious payload in the codebase could trigger unwanted agent behavior.
      • Ingestion points: The scripts/wait-ci.sh script captures failed logs via the gh run view --log-failed command.
      • Boundary markers: No boundary markers or delimiters are present; the logs are directly interpolated into the JSON details field.
      • Capability inventory: The agent has access to the Bash tool and is explicitly instructed in SKILL.md to fix code and push changes based on the log analysis.
      • Sanitization: No sanitization, escaping, or filtering is performed on the captured log content before it is passed to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:57 AM