analyze-ci-logs
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill's primary function is to process CI/CD logs, which are untrusted external inputs.
- Ingestion points: The 'Analysis Instructions' and 'Usage' sections in SKILL.md explicitly state the skill should ingest and parse 'CI log output'.
- Boundary markers: There are no instructions or boundary markers (such as XML tags or delimiters) to distinguish between log data and instructions, nor are there commands to ignore embedded instructions.
- Capability inventory: The skill directs the agent to trace errors and summarize log content, creating an opportunity for an attacker to inject instructions via a CI log file.
- Sanitization: No sanitization or filtering logic is defined for the incoming log data.
- [DATA_EXFILTRATION]: Risk of sensitive data exposure.
- Evidence: CI/CD logs often contain sensitive information like API tokens, environment variables, or authentication secrets. The 'Usage' instructions that encourage the agent to 'Extract log content' and provide 'full or relevant sections' increase the risk of the agent inadvertently exposing these credentials in its summary or recommendations.
Audit Metadata