ci-job-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill implements a knowledge base for processing untrusted CI job logs to automate code fixes, creating a significant Indirect Prompt Injection surface. Evidence: (1) Ingestion points: CI logs and error messages are used as input signals; (2) Boundary markers: Absent. There are no delimiters suggested to isolate log data from instructions; (3) Capability inventory: Recommends shell command execution (npx, ruff) and automated repair workflows; (4) Sanitization: Absent. The logic relies on matching text signals which can be spoofed in log output.
- COMMAND_EXECUTION (LOW): Recommends running shell commands for linting fixes like 'npx eslint --fix' and 'ruff check --fix'.
- EXTERNAL_DOWNLOADS (LOW): Uses 'npx' which may download external packages at runtime if they are not already installed.
Recommendations
- AI detected serious security threats
Audit Metadata