Skills
skills/gannonh/skills/gh-fix-ci/Gen Agent Trust Hub

gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The bundled script scripts/inspect_pr_checks.py uses the Python subprocess module to execute git and gh (GitHub CLI) commands. These commands are used to resolve Git repository roots, view pull request metadata, list CI check statuses, and fetch job logs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external CI logs and has the capability to modify the repository.
  • Ingestion points: Build logs are retrieved from GitHub Actions runs in scripts/inspect_pr_checks.py using gh run view --log and the GitHub API.
  • Boundary markers: Logs are provided to the agent as text snippets or JSON without explicit boundary markers or instructions to disregard embedded commands.
  • Capability inventory: The workflow defined in SKILL.md explicitly allows the agent to "commit and push changes" to the repository based on its analysis of the logs.
  • Sanitization: There is no evidence of sanitization or filtering of the log content to remove potential injection strings before the data is processed by the LLM.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 01:49 AM