agent-cicd
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is configured with 'Bash' and 'Edit' permissions, enabling it to execute arbitrary shell commands. It specifically instructs the agent to run project-level scripts ('npm run lint', 'npm run test', 'npm run build'), use the GitHub CLI ('gh run', 'gh pr'), and perform Git operations ('git push'). While these are standard for CI/CD tasks, they grant the agent substantial control over the execution environment.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its data-ingestion patterns.
  - Ingestion points: The agent reads untrusted data from external sources, including GitHub Actions logs (via 'gh run view --log-failed'), Pull Request details (via 'gh pr view'), and database initialization scripts ('cat docker/postgres/init.sql').
  - Boundary markers: There are no boundary markers or instructions to treat data from these sources as non-executable or to ignore embedded instructions.
  - Capability inventory: The agent has the capability to modify the filesystem ('Write', 'Edit'), execute commands ('Bash'), and push code to a remote repository ('git push'), which could be exploited if an injection occurs.
  - Sanitization: The skill lacks any mechanism to sanitize or filter the content retrieved from logs or external files before the agent processes and acts upon that information.
Audit Metadata