ci-fix
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local `gh` and `git` commands to diagnose and fix repository issues. This includes write-access operations like `git push` to a fix branch and `gh run rerun`.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its data processing workflow. An attacker could potentially influence the agent's code fixes by injecting instructions into failing test logs or artifacts.
  - Ingestion points: Failure logs from `gh run view --log-failed` and downloaded artifacts from `gh run download`.
  - Boundary markers: None; the agent is prompted to analyze raw log content for root causes.
  - Capability inventory: `git add`, `git commit`, `git push`, and workflow modification capabilities.
  - Sanitization: No validation or sanitization of log content is performed before the agent implements and pushes a fix.
Audit Metadata