gh-run-failure
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) and standard system utilities such as rg (ripgrep), sed, and head to retrieve and format workflow data.\n- [EXTERNAL_DOWNLOADS]: Diagnostic logs and build artifacts are downloaded from GitHub's official infrastructure using the gh run download and gh run view --log commands. These operations target a well-known service for legitimate troubleshooting purposes.\n- [PROMPT_INJECTION]: The skill displays an indirect prompt injection surface as it processes external content.\n
- Ingestion points: External data is ingested from GitHub API responses, including commit messages, log outputs, and file contents from downloaded artifacts.\n
- Boundary markers: None. The skill does not currently use specific delimiters to isolate external data from the agent's instructions.\n
- Capability inventory: The skill performs subprocess calls for gh, rg, and sed across its operational scripts.\n
- Sanitization: Employs jq for structured data extraction, which mitigates some risks, though unstructured data from logs and commit messages is processed directly by text utilities.
Audit Metadata