skills/shipshitdev/library/gh-fix-ci/Gen Agent Trust Hub

gh-fix-ci

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection through ingestion of external CI logs.
      1. Ingestion points: GitHub Actions logs are fetched via 'gh run view --log' in SKILL.md.
      2. Boundary markers: None present to distinguish untrusted log data from instructions.
      3. Capability inventory: The skill has the capability to 'create a fix plan and implement' code changes.
      4. Sanitization: No evidence of sanitization or validation of log content.
    Risk: An attacker can craft a pull request that prints malicious instructions to the logs; the AI may interpret these as legitimate 'fix' instructions and propose code changes that compromise the repository.
  • [COMMAND_EXECUTION] (LOW): Utilizes the 'gh' CLI tool. Evidence includes usage of 'gh auth status', 'gh pr view', and 'gh run view'. This is standard functionality for GitHub integration but provides the mechanism for the automated modification of the codebase based on interpreted data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 10:50 PM