ci-monitor

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection.
      1. Ingestion points: Data enters the agent context via gh pr view and gh pr checks as seen in SKILL.md.
      2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions within the PR data.
      3. Capability inventory: The skill executes shell commands (gh, say) and can be influenced by PR metadata.
      4. Sanitization: Absent; the skill does not escape or validate metadata before use.
  • COMMAND_EXECUTION (HIGH): The skill exhibits dangerous command execution patterns. Evidence: The say "GitHub [repo-name] PR [pr-number]..." instruction in SKILL.md interpolates untrusted metadata into a shell command. If a repository name or PR title contains shell metacharacters (e.g., backticks, semicolons, or $()), it could lead to arbitrary code execution on the user's host machine.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:33 AM