slowest-tests
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local scripts and command-line tools including 'bun', 'bk' (BuildKite), and 'gh' (GitHub) to automate data gathering from CI runs and manage reporting tasks.
- [EXTERNAL_DOWNLOADS]: Downloads raw build logs from BuildKite's infrastructure to perform timing analysis.
- [DATA_EXFILTRATION]: Uploads processed test performance data to GitHub Gists as a 'secret gist' to share the full report. GitHub is a well-known service and a trusted platform.
- [PROMPT_INJECTION]: Exposes a surface for indirect prompt injection through the processing of untrusted CI log data. 1. Ingestion points: External BuildKite logs fetched via raw_log_url. 2. Boundary markers: No specific delimiters are mentioned for the log parsing process. 3. Capability inventory: The skill has the ability to execute shell commands (bun, bk, gh) and write to the local file system. 4. Sanitization: Implements basic string operations such as normalizing path backslashes and stripping retry markers.
Audit Metadata