ci-monitoring
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Finding tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Remote Code Execution] (HIGH): The skill runs 'pnpm test' and 'pnpm build' on code taken from pull requests. The scripts those commands execute are defined by the repository itself (for example the test and build scripts in package.json), so a PR from an untrusted source can run arbitrary commands on the machine and with the credentials the agent holds.
- [Prompt Injection] (HIGH): The skill's instructions contain behavioral overrides that disable human-in-the-loop checks. They tell the agent it 'MUST merge the PR immediately' and 'Do NOT... Wait for user confirmation', which overrides the agent's own safety protocols for user verification.
- [Indirect Prompt Injection] (HIGH): The agent reads untrusted data from CI logs and command output and bases its decisions on it.
  - Ingestion points: workflow logs via 'gh run view --log-failed' and test execution output.
  - Boundary markers: none present; log content is not delimited from the agent's instructions.
  - Capability inventory: includes 'gh pr merge' (destructive) and 'git push'.
  - Sanitization: none; the agent is instructed to diagnose errors directly from potentially attacker-controlled log content.
- [Command Execution] (MEDIUM): The skill uses powerful CLI tools ('gh', 'git', 'pnpm', 'docker-compose') to make significant repository changes and set up environments without manual confirmation.
Recommendations
- AI detected serious security threats
Audit Metadata