ci-monitoring
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection through untrusted GitHub pull request data.
- Ingestion points:
SKILL.md(reading review comments viagh api graphql) andreference/ci-failures.md(reading CI logs viagh run view). - Boundary markers: Absent. No delimiters or specific 'ignore instructions' warnings are provided for external data processing.
- Capability inventory: Access to
Bash(shell execution),Edit(file modification), andmcp__github__*(GitHub management). - Sanitization: Absent. The skill relies on the LLM's 'understanding' and 'verification' of feedback rather than technical filtering.
- COMMAND_EXECUTION (LOW): The skill executes local environment scripts (
pnpm test,pnpm build,pnpm lint) which are defined within the repository being monitored. - Evidence:
SKILL.mdandreference/ci-failures.mdcontain instructions to run local build and test suites to reproduce CI failures. - Risk: If an attacker submits a malicious PR that modifies
package.jsonscripts or test files, the autonomous nature of the skill ('Do NOT stop to report or ask') may lead to the execution of malicious code in the local environment.
Audit Metadata