gh-fix-ci
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes the GitHub CLI (gh) and a local Python script (inspect_pr_checks.py) to inspect repository state and fetch logs. These operations are core to the skill's intended purpose.
- PROMPT_INJECTION (LOW): Indirect prompt injection surface detected. The skill reads GitHub Actions logs, which are external, untrusted data sources that could contain malicious instructions designed to manipulate the agent's behavior.
  1. Ingestion points: Data is ingested from GitHub logs via 'gh run view --log' and the bundled 'inspect_pr_checks.py' script.
  2. Boundary markers: Absent; there are no specific delimiters or instructions for the agent to ignore embedded commands within the log files.
  3. Capability inventory: The agent has the capability to execute shell commands (gh), run scripts (python), and modify the local repository.
  4. Sanitization: There is no evidence of log content sanitization or validation before the content is summarized for the user.
Audit Metadata