gh-fix-ci
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The skill explicitly instructs the agent to use sandbox_permissions=require_escalated to bypass sandbox restrictions for authentication and keyring access. It also requests high-privilege GitHub scopes (workflow, repo), significantly increasing the blast radius if the agent is compromised.
- [Command Execution] (MEDIUM): Executes a bundled Python script (inspect_pr_checks.py) and multiple gh CLI commands to interact with the environment and GitHub API.
- [Indirect Prompt Injection] (LOW): This skill exposes a surface for indirect prompt injection.
  1. Ingestion points: The skill pulls untrusted job logs from GitHub Actions.
  2. Boundary markers: Absent; instructions do not tell the agent to ignore instructions embedded in logs.
  3. Capability inventory: The agent has the ability to execute shell commands and modify local source code based on these logs.
  4. Sanitization: None; failure snippets are summarized and used to draft 'fix plans' without validation.
Recommendations
- AI detected serious security threats
Audit Metadata