CI Orchestration

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill processes CI logs and PR metadata, which are untrusted external content. An attacker can inject instructions into CI output to manipulate agent behavior during data extraction or workflow management. Ingestion points: ciOutput and statusCheckRollup in SKILL.md. Boundary markers: Absent. Capability inventory: gh workflow management (rerun/cancel) and PR viewing. Sanitization: None.
  • COMMAND_EXECUTION (HIGH): Shell snippets use unquoted variables like $PR and $RUN_ID in commands such as gh pr checks $PR. This allows for command injection if variable content is manipulated.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill imports logic from relative paths like ../shared/hooks/utils/ci-status.js, which introduces unverified code dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:49 AM