wait-for-ci

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill uses deno run to execute code directly from a remote URL (https://github.com/dtinth/wait-for-ci/raw/main/wait-for-ci.ts). This is a form of remote code execution where the content of the script is fetched and run at runtime without local verification or version pinning.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The script is downloaded from a personal GitHub repository (dtinth). Per the security policy, downloads from non-whitelisted sources for execution are treated with higher severity.
  • [COMMAND_EXECUTION] (MEDIUM): The command includes --allow-run=gh, which explicitly grants the remote script the ability to execute the GitHub CLI on the host system. This could be abused to access private repositories or manipulate GitHub resources if the remote script is compromised.
  • [DATA_EXPOSURE] (LOW): The command includes --allow-env, allowing the script to read all environment variables, which often contain sensitive tokens or configuration data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:27 PM