Skills
skills/dagster-io/erk/ci-iteration/Gen Agent Trust Hub

ci-iteration

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [Prompt Injection] (LOW): The skill processes untrusted output from CI tools, creating a surface for indirect prompt injection.\n
  • Ingestion points: Tool output from make, pytest, ruff, ty, and prettier is ingested via the devrun sub-agent and analyzed by the parent agent (SKILL.md Step 2).\n
  • Boundary markers: No explicit delimiters or 'ignore' instructions are provided for the interpolation of tool output in the reasoning loop.\n
  • Capability inventory: The parent agent can edit and write files, while command execution is delegated to sub-agents restricted to the devrun type, which prevents them from making destructive file changes.\n
  • Sanitization: No sanitization or filtering of the ingested tool output is performed before it is used to determine subsequent file edits.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:37 PM