Skills
skills/xiaojiongqian/skills-hub/gh-fix-ci/Gen Agent Trust Hub

gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The bundled script scripts/inspect_pr_checks.py executes system commands including gh and git using the subprocess module to retrieve pull request status, checks, and logs. While the command arguments are mostly structured, this provides a functional surface for system interaction.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from GitHub Actions logs, which could be manipulated by external contributors.
  • Ingestion points: CI logs are fetched from GitHub via gh run view and the GitHub API in scripts/inspect_pr_checks.py and provided to the agent context.
  • Boundary markers: The skill does not implement delimiters or specific instructions to treat log snippets as untrusted data, increasing the risk of the agent following instructions embedded in logs.
  • Capability inventory: The skill possesses high-impact capabilities, including the ability to propose and implement code changes in the repository and execute further CLI commands.
  • Sanitization: Log content is processed and summarized without sanitization or filtering for malicious instruction patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 11:02 AM