fetch-ci-build

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION | DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface (Category 8). The skill ingests untrusted data from CI logs and project source files. An attacker capable of influencing build output or source code could attempt to inject instructions to misdirect the agent's proposed fixes.
      1. Ingestion points: build logs (via gh, curl, and Python scripts) and failing source files.
      2. Boundary markers: Absent.
      3. Capability inventory: Command execution (gh, uv, curl), file system access (read/write), and tool integration.
      4. Sanitization: Absent.
  • [COMMAND_EXECUTION] (LOW): Execution of local scripts and CLI tools. The skill uses 'uv run' to execute local Python scripts and calls 'gh' and 'curl' to interact with CI providers.
  • [DATA_EXFILTRATION] (LOW): Network operations to non-whitelisted domains. The skill performs API requests to 'api.buildkite.com' and 'circleci.com', which are outside the standard trusted domain list. It also handles sensitive environment variables such as 'BUILDKITE_API_TOKEN' and 'CIRCLECI_TOKEN'.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 06:55 AM