fix-ci
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes the GitHub CLI (
gh) for routine operations such as listing runs (gh run list) and viewing logs (gh run view). These are standard administrative tasks for the intended use case. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data (CI logs) via
gh run view --log. This presents a theoretical surface where malicious logs could attempt to influence the agent's analysis. - Ingestion points: Output from
gh run view <run-id> --log. - Boundary markers: None specified for log content.
- Capability inventory: File creation (markdown summaries) and PR updates.
- Sanitization: None specified; the agent is expected to parse raw log text.
- [DATA_EXPOSURE] (SAFE): While CI logs can occasionally contain sensitive information, the skill does not exfiltrate this data or perform unauthorized network requests. It follows standard DevOps practices for log inspection.
Audit Metadata