github-fix-ci

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE (categories flagged: PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface due to the processing of external logs.
      • Ingestion points: scripts/inspect_pr_checks.py fetches log content from GitHub Actions via the gh run view --log command.
      • Boundary markers: No boundary markers or 'ignore' instructions are used to separate untrusted log content from the agent's internal reasoning.
      • Capability inventory: The skill executes the gh CLI tool and, according to the workflow in SKILL.md, is intended to implement code fixes.
      • Sanitization: Log snippets are extracted and presented to the agent without sanitization or filtering of potential instructions.
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI tool programmatically.
      • The script scripts/inspect_pr_checks.py utilizes subprocess.run with argument lists to invoke gh.
      • This approach is a security best practice that prevents shell injection vulnerabilities by avoiding the use of shell=True or string-based command assembly.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 28, 2026, 08:38 PM