Skills
skills/spences10/claude-code-toolkit/ci-debug-workflow/Gen Agent Trust Hub

ci-debug-workflow

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from GitHub issues (gh issue view) and CI logs to extract reproduction steps. If these sources contain malicious instructions, the agent might execute them using the provided tools.
  • Ingestion points: GitHub issue content (references/bug-thread-extraction.md), CI logs (SKILL.md).
  • Capability inventory: Bash tool allows for arbitrary command execution (npm, docker, git, etc.).
  • Boundary markers: None specified in the instructions to separate data from instructions.
  • Sanitization: No explicit sanitization or validation of the extracted reproduction steps is mentioned before execution.
  • [COMMAND_EXECUTION]: The skill frequently uses the Bash tool to run builds, tests, and Docker commands (e.g., npm test, docker build, docker run). While intended for debugging and reproduction of bugs, this capability can be leveraged if the agent is misled by malicious input from external sources.
  • [DATA_EXFILTRATION]: The instruction to run env | sort in references/ci-patterns.md is intended for environment verification but can expose sensitive environment variables, tokens, and secrets to the agent's context or output logs if they are stored in the environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 08:43 PM