running-in-ci

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill includes explicit security instructions that prohibit the execution of commands that expose secrets (such as 'env', 'printenv', or 'export') and strictly forbids including credentials in any responses or comments.
  • [SAFE]: It mandates the use of temporary files and single-quoted heredocs ('EOF') to prevent shell expansion and command injection when passing pull request or issue content to the GitHub CLI. This is a best-practice defense against manipulating the agent's shell environment.
  • [PROMPT_INJECTION]: The skill defines a workflow that ingests untrusted data from GitHub PRs, issues, and CI logs, creating an indirect prompt injection surface. This is mitigated by the described security practices.
    1. Ingestion points: PR/issue views, diffs, comments, and CI session log artifacts.
    2. Boundary markers: Instructions to use file-based inputs and prevent shell expansion using quoted heredocs.
    3. Capability inventory: Git branch pushing, PR creation/modification, and posting comments.
    4. Sanitization: Mandated use of temporary files for all shell-sensitive arguments to ensure the agent does not interpret user-controlled strings as commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 03:04 AM