skills/iofficeai/aionui/pr-ship/Gen Agent Trust Hub

pr-ship

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes bun run test, bun run lint:fix, and bunx tsc within a temporary worktree containing code from an external PR branch. Since these commands execute scripts defined in the repository (e.g., in package.json), they can lead to arbitrary code execution if the PR branch contains malicious script definitions.
  • [COMMAND_EXECUTION]: The skill automatically approves GitHub Actions workflow runs using gh run approve. This bypasses a security boundary intended to prevent unauthorized or malicious code from running in the CI environment with access to repository secrets.
  • [EXTERNAL_DOWNLOADS]: Fetches and checks out remote code from PR branches using git fetch and git worktree add. While necessary for the skill's purpose, this introduces untrusted code into the agent's execution environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests and processes CI failure logs (gh run view --log-failed) to identify and apply fixes. This presents an attack surface where maliciously crafted CI output could influence the agent's code generation logic.
      • Ingestion points: GitHub Actions logs via gh run view, PR metadata via gh pr view.
      • Boundary markers: Absent; CI logs are processed directly to inform the fix loop.
      • Capability inventory: File system write access, git commit, git push, and shell execution (bun run).
      • Sanitization: None; the agent is instructed to "Fix only CI-reported errors" based on the raw log output.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 05:01 AM