ci-autofix-reusable
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow pattern that processes CI failure logs, creating a surface for indirect prompt injection.
  - Ingestion points: CI failure logs and failed job summaries are retrieved from the runner environment in REFERENCE.md.
  - Boundary markers: The agent prompt lacks explicit delimiters to separate log content from instructions.
  - Capability inventory: The agent is empowered with repository write permissions to facilitate automated fixes.
  - Sanitization: Log output is processed without prior filtering or sanitization.
- [EXTERNAL_DOWNLOADS]: The generated templates reference an external GitHub Action.
  - Source: References the anthropics/claude-code-action@v1 action.
  - Context: This reference targets a known organization and is appropriate for the skill's purpose.