watch-ci
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple commands using the GitHub CLI (
gh) and Git to monitor PR status, fetch logs, and push code changes. These operations are essential for the skill's purpose and use standard tooling. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted external data which could contain malicious instructions.
- Ingestion points: The agent reads CI logs via
gh run viewand PR reviews/comments via the GitHub API. - Boundary markers: There are no specified delimiters or instructions to ignore embedded prompts within the external data.
- Capability inventory: The agent has permissions to edit files, run local test suites, and perform
git pushoperations. - Sanitization: The skill does not specify any sanitization or validation of the text retrieved from logs or comments.
Audit Metadata