gh-fix-ci
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by processing GitHub Actions logs, which can contain untrusted content from external contributors.
  - Ingestion points: Log content is retrieved in `scripts/inspect_pr_checks.py` using `gh run view --log` and the GitHub API.
  - Boundary markers: The skill does not use specific delimiters to isolate log data, increasing the risk that the AI may interpret parts of the logs as instructions.
  - Capability inventory: The agent is empowered to implement code fixes as per the instructions in `SKILL.md`, which includes file-writing and command execution capabilities.
  - Sanitization: No sanitization is performed on the log snippets to filter out natural language instructions before they are passed to the agent.
- [COMMAND_EXECUTION]: The skill's operation requires executing local system commands using `gh` and `git`. This usage is consistent with the skill's purpose and is performed via the agent's Bash tool. The Python script `scripts/inspect_pr_checks.py` uses argument lists in `subprocess.run` to handle parameters safely, mitigating common shell injection risks, although the agent retains high capability to execute code when implementing fixes.
Audit Metadata