skills/mindgames/skills/gh-fix-ci/Gen Agent Trust Hub

gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh and git command-line tools to interact with GitHub repositories and retrieve Actions logs. These commands are executed using Python's subprocess module with argument lists, which follows security best practices for preventing shell injection.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from external sources (GitHub Actions logs).
      • Ingestion points: CI logs are fetched in scripts/inspect_pr_checks.py using gh run view --log and the GitHub API.
      • Boundary markers: The logs are presented to the agent without explicit delimiters or instructions to ignore embedded commands, which could allow malicious log content to influence the agent's behavior.
      • Capability inventory: The skill allows the agent to propose and implement code fixes, which involves file modifications and potentially further command execution based on the analyzed log content.
      • Sanitization: No sanitization or filtering of the log content is performed before it is provided to the agent for summarization.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:18 PM