loop-on-ci
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests untrusted data from external sources and has the capability to modify code.
- Ingestion points: External CI log data is ingested via the
gh run view --log-failedcommand inSKILL.md. - Boundary markers: The instructions lack explicit delimiters or instructions to treat CI log content as untrusted data or to ignore embedded instructions.
- Capability inventory: The workflow involves interpreting logs to 'implement a focused fix' and performing
git commitandgit push, allowing for code modification. - Sanitization: There is no evidence of sanitization or filtering applied to the CI log content before processing.
Audit Metadata