openai-gh-fix-ci
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted GitHub Action logs which may contain malicious instructions designed to influence the agent's behavior. Evidence: 1. Ingestion points: Fetches logs via 'gh run view --log' and GitHub API log endpoints; 2. Boundary markers: Absent; 3. Capability inventory: Uses 'Bash', 'Write', and 'Edit' tools, allowing for command execution and file modification; 4. Sanitization: Absent, but mitigated by a mandatory human-approval step before implementation.
- Unverifiable Dependencies (LOW): The skill executes a bundled script 'inspect_pr_checks.py' that is not provided for analysis. This is downgraded to LOW based on the trusted origin (OpenAI).
Audit Metadata