fix-ci
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
gh(GitHub CLI) command to retrieve logs from GitHub Actions. This is a standard operation required for its function. - [PROMPT_INJECTION]: The skill processes data from GitHub Actions logs, which are external and potentially untrusted. This creates an indirect prompt injection surface where malicious instructions embedded in build logs could attempt to influence the agent's actions. * Ingestion points: GitHub Actions logs fetched via the
ghcommand. * Boundary markers: No specific delimiters are defined for log content, though the skill mandates a 'Debug Mindset' and evidence-based reasoning to verify findings. * Capability inventory: File system access (read/write), command execution viagh, and subagent orchestration. * Sanitization: No explicit sanitization or validation of log content is described.
Audit Metadata