gh-fix-ci
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a Python script to execute Git and GitHub CLI (gh) commands on the local system to resolve pull request status and retrieve job logs. The commands are constructed using lists, which prevents shell injection.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external data from GitHub Actions logs.
- Ingestion points: Pull request metadata and action logs fetched via gh run view and GitHub API endpoints in scripts/inspect_pr_checks.py.
- Boundary markers: No specific delimiters are used to separate the log content from the agent's instructions.
- Capability inventory: The skill can read repository information and is intended to be used with other skills to draft and implement code fixes.
- Sanitization: Log text is extracted and presented to the agent without sanitization or filtering of potentially malicious instructions embedded in the logs.
Audit Metadata