prcheckloop

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to identify and execute shell commands found within repository workflow files (e.g., .github/workflows/) to reproduce CI failures. This creates a risk where malicious commands embedded in the codebase or workflow configurations could be executed by the agent.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it ingests and acts on data from external sources such as GitHub Actions logs.
      • Ingestion points: Technical logs retrieved via gh run view --log-failed and metadata from gh api calls (SKILL.md steps 3 and 5).
      • Boundary markers: The instructions do not define clear boundaries or 'ignore' directives for content parsed from logs.
      • Capability inventory: The agent can modify files, execute arbitrary shell commands for reproduction, and perform git push to remote repositories.
      • Sanitization: There is no evidence of sanitization or validation logic to filter malicious instructions that might be embedded in the output of failing tests or build steps.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 10, 2026, 12:56 PM