gh-fix-ci
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local Git environment and the GitHub CLI to fetch repository and CI status information.
- Evidence: The script
scripts/inspect_pr_checks.pyusessubprocess.runwith list-based arguments to execute commands likegit rev-parse,gh pr checks, andgh run view. - Mitigation: By avoiding shell execution and using structured argument lists, the skill prevents common command injection vectors.
- [EXTERNAL_DOWNLOADS]: Retrieves diagnostic information and CI logs from GitHub's infrastructure.
- Evidence: Uses the
gh apicommand to fetch job logs from GitHub's servers. - Note: These resources are fetched from a well-known and trusted service for the purpose of failure analysis.
- [PROMPT_INJECTION]: The skill processes untrusted external data from GitHub Actions logs, creating a surface for indirect prompt injection.
- Ingestion points: Failure logs are fetched and read in
scripts/inspect_pr_checks.py. - Boundary markers: Log snippets are presented to the agent without specific delimiters or warnings to ignore embedded instructions.
- Capability inventory: The agent is authorized to propose and implement code fixes based on its interpretation of the logs.
- Sanitization: No validation or filtering is applied to the log content to remove potential malicious instructions.
Audit Metadata