ci
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Command Execution: The skill's logic in `scripts/ci.mjs` executes local shell commands via `execSync` to interact with `git` and the GitHub CLI. It interpolates branch names and run IDs into these commands, which is a common pattern for development-oriented tools.
- Indirect Prompt Injection Surface: The skill processes external data from GitHub Actions logs to identify failure categories and suggest commands. This creates a surface where external content is ingested into the agent's context. The script includes logic to filter noise and uses regular expressions to ensure only relevant file paths are extracted.
- Automated Replication Instructions: The `SKILL.md` provides instructions for the agent to automatically execute local commands based on the failure reports. This level of automation is designed to accelerate the fix cycle by removing manual reproduction steps.
Audit Metadata