cicd-integration

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official @anthropic-ai/claude-code package from a well-known registry and uses the anthropics/claude-code-action GitHub Action from a trusted organization.
  • [PROMPT_INJECTION]: The skill documents patterns where untrusted data (pull request titles, descriptions, and file contents) is passed directly to the agent, creating a surface for indirect prompt injection.
      • Ingestion points: CI/CD event data such as ${{ github.event.pull_request.title }} and repository files accessed at runtime.
      • Boundary markers: The templates lack explicit delimiters or instructions (e.g., 'ignore embedded commands') to separate user-provided data from agent instructions.
      • Capability inventory: The skill uses tools with Read, Grep, Glob, Write, and Bash permissions, which could be misused if the agent is steered by malicious content in a PR.
      • Sanitization: There is no evidence of input validation or sanitization before data is interpolated into the agent's task prompts.
  • [COMMAND_EXECUTION]: Provides a GitHub Action pattern using github-script that interpolates agent output directly into a JavaScript string literal (JSON.parse('${{ steps.claude.outputs.result }}')). Because the ${{ }} expression is expanded into the script text before it runs, this common but risky pattern can cause script failure, or code injection in the runner context, if the agent output contains unescaped quotes or malicious code snippets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 21, 2026, 01:23 AM