sc-pr-fix
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Potential for indirect prompt injection through external data ingestion. The skill fetches and parses CI logs from GitHub Actions, which could be manipulated by an attacker to include malicious instructions.
  - Ingestion points: The `scripts/parse_check_failures.py` script retrieves logs using the `gh run view` command.
  - Boundary markers: No explicit delimiters or protective framing are used when passing parsed log data to the fix orchestrator or the agent.
  - Capability inventory: The skill has the ability to execute shell commands (`Bash`), read files, and edit source code, providing a significant impact surface if an injection is successful.
  - Sanitization: Log content is parsed using regular expressions but is not sanitized or validated to remove potential prompt injection payloads.
- [COMMAND_EXECUTION]: Use of system commands to interact with development tools. The Python scripts use `subprocess.run` to call `git` and `gh` CLI utilities to manage branches, commits, and pull request statuses.
Audit Metadata