gh-fix-ci
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill metadata falsely attributes the author as 'github.com/openai/skills' despite the actual provider being identified as 'tech-leads-club'. This form of metadata poisoning is misleading and can result in an incorrect assessment of the skill's safety and origin.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection via the ingestion of GitHub Actions log files. Evidence Chain:
  - (1) Ingestion points: Log data retrieved via 'gh run view' and 'gh api' in 'inspect_pr_checks.py'.
  - (2) Boundary markers: The 'SKILL.md' workflow enforces a mandatory plan-and-approval phase before any changes are implemented.
  - (3) Capability inventory: Subprocess execution of 'git' and 'gh' commands for check management.
  - (4) Sanitization: The script uses failure markers to extract specific snippets and summarizes data rather than allowing direct execution of log contents.
- [COMMAND_EXECUTION]: The bundled Python script 'inspect_pr_checks.py' utilizes the subprocess module to interact with 'git' and 'gh' (GitHub CLI) binaries. While it avoids shell injection through structured argument passing, the skill's operations are dependent on the user's local GitHub CLI authentication and environment.
Audit Metadata