fix-buildkite-ci

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches build JSON, job logs, and artifacts from buildkite.com. As Buildkite is a well-known service, these operations are considered safe and standard for CI triage.
  • [COMMAND_EXECUTION]: Uses system commands such as gh, bk, curl, jq, and perl to process CI data. These are used in a limited and safe manner consistent with developer workflows.
  • [CREDENTIALS_UNSAFE]: Refers to the BUILDKITE_API_TOKEN environment variable. No hardcoded credentials were found; documentation uses a generic placeholder.
  • [PROMPT_INJECTION]: The skill processes job logs and artifacts, which constitutes a potential surface for indirect prompt injection.
    • Ingestion points: Reads build JSON and job logs via curl and bk tools as described in the triage reference.
    • Boundary markers: None explicitly defined to delimit log content from agent instructions.
    • Capability inventory: Executes system commands (gh, bk, curl) and writes code fixes to the local filesystem.
    • Sanitization: Uses tr and perl to clean log output and filters for specific error patterns like 'query result mismatch'.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 04:02 PM