gh-fix-ci
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from GitHub Actions logs, creating a surface for indirect prompt injection where malicious log content could attempt to influence the agent's summary or proposed fixes.
- Ingestion points: logs are fetched in
scripts/inspect_pr_checks.pyvia GitHub CLI commands. - Boundary markers:
SKILL.mdspecifies that the agent must 'propose a fix plan and implement only after explicit approval', providing a manual verification step. - Capability inventory: the agent can modify the local repository based on the approved plan.
- Sanitization: log snippets are extracted based on failure markers without content sanitization.
Audit Metadata