Skills
skills/dl-alexandre/skills/monorepo-cli/Gen Agent Trust Hub

monorepo-cli

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell scripts and the GitHub CLI tool (gh) to retrieve CI status information for various repositories.\n- [EXTERNAL_DOWNLOADS]: Communicates with GitHub's API via the gh tool to fetch CI run metadata. GitHub is recognized as a well-known service.\n- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection. The script retrieves the displayTitle of GitHub Actions runs and outputs it directly. If the agent processes this output, malicious instructions embedded in a run title could attempt to influence the agent's behavior.\n
  • Ingestion points: scripts/check-ci-status.sh (via gh run list output).\n
  • Boundary markers: Absent.\n
  • Capability inventory: Shell script execution and interaction with the GitHub CLI.\n
  • Sanitization: None; external metadata is printed to stdout without filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 10, 2026, 03:37 PM