ci-fix
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes data from external, potentially untrusted sources.
- Ingestion points: The agent reads CI logs via
gh run view --logand downloads file artifacts usinggh run download. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat log/artifact content as untrusted data.
- Capability inventory: The skill has the capability to modify the local filesystem (including
.github/workflows/files) and execute GitHub CLI commands that affect remote repository state. - Sanitization: No sanitization or validation of the ingested log content is performed before the agent interprets it to diagnose issues.
- [COMMAND_EXECUTION] (SAFE): The skill relies heavily on the GitHub CLI (
gh). While this involves executing shell commands, these are standard operations for the skill's stated purpose of CI management. The instructions do not involve piping remote content to a shell or executing arbitrary user-provided strings.
Audit Metadata