check-ci
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted data from GitHub CI check names and descriptions, which could contain malicious instructions. Evidence:
  1. Ingestion points: The skill ingests data from the output of the gh pr checks command within the scripts/check_ci.sh script.
  2. Boundary markers: There are no boundary markers or delimiters used when echoing the CI status output to the agent context.
  3. Capability inventory: The skill's capabilities are limited to information retrieval and status polling, which only influences agent reasoning and summarization (LOW tier).
  4. Sanitization: The output from the GitHub CLI is not sanitized or filtered before being presented to the agent.
Audit Metadata