verify-pr-logs
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes external GitHub Actions logs which are untrusted data.
- Ingestion points: CI logs are fetched using the `gh run view` command in `SKILL.md`.
- Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore potential instructions embedded in the logs.
- Capability inventory: The agent is authorized to modify source files, workflow configurations, and execute shell commands based on its analysis.
- Sanitization: No validation or sanitization of log content is performed before the agent uses it for diagnosis.
- [COMMAND_EXECUTION]: The skill instructs the agent to 'execute the same command that failed in CI' locally for verification. If the failing command in the CI workflow was malicious (e.g., injected via a pull request from an untrusted source), the agent might inadvertently execute that malicious command on the user's local system.