check-ci
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches and summarizes CI logs from external sources, creating a vulnerability where malicious log content could influence agent behavior.
  1. Ingestion points: CI log output from gh or gt commands.
  2. Boundary markers: Absent in instructions.
  3. Capability inventory: Local command execution via gh and gt.
  4. Sanitization: No sanitization or filtering of log content is specified.
- [Command Execution] (SAFE): The skill utilizes gh (GitHub CLI) and gt (Graphite CLI) to retrieve status information. This is standard behavior for the tool's primary purpose.
Audit Metadata