loop-on-ci

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)

Full Analysis
  • [COMMAND_EXECUTION]: The skill uses gh (GitHub CLI) and git to manage workflow runs and repository state. Specific commands include gh run list, gh run watch, gh run view, and git branch --show-current.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the CI log processing workflow.
    • Ingestion points: Untrusted data enters the agent's context through the output of gh run view <run-id> --log-failed (referenced in SKILL.md).
    • Boundary markers: There are no markers or instructions to isolate the CI log content from the agent's instructions.
    • Capability inventory: The agent has the ability to modify source code, create commits, and push changes to the repository.
    • Sanitization: No sanitization or verification of the CI log content is implemented before it is used to guide code modifications.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 2, 2026, 04:59 PM