gh-fix-ci
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the official GitHub CLI (
gh) to perform repository operations including viewing PR metadata, listing check statuses, and retrieving job logs. These commands are executed within the user's authenticated environment and are appropriate for the tool's stated purpose of CI/CD debugging. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted data from GitHub Action logs.
- Ingestion points: External logs fetched via the
gh run view --logcommand as described inSKILL.md. - Boundary markers: No specific delimiters are used to wrap the ingested log content.
- Capability inventory: The skill has the capability to propose and implement code changes (file system writes) as specified in
SKILL.md. - Sanitization: No explicit sanitization or filtering of log content is defined; however, the requirement for user approval before implementing any fix plan serves as a critical human-in-the-loop mitigation against the autonomous execution of injected instructions.
Audit Metadata