Skills
skills/composiohq/awesome-codex-skills/pr-review-ci-fix/Gen Agent Trust Hub

pr-review-ci-fix

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to install the Composio CLI tool by downloading and executing a shell script from the author's official domain (https://composio.dev/install).
  • [COMMAND_EXECUTION]: The skill makes extensive use of the composio CLI to manage authentication (composio login), search for toolkits, and execute API-driven actions for GitHub and GitLab. It also performs local shell operations for code patching and version control (git commit, git push).
  • [EXTERNAL_DOWNLOADS]: The skill fetches external data from GitHub and GitLab, including pull request metadata, file content, and CI workflow logs, which are used for automated code analysis and debugging.
  • [PROMPT_INJECTION]: The skill's primary function involves processing external, potentially untrusted data from PR files and logs, which creates a surface for indirect prompt injection.
  • Ingestion points: Pull request diffs and CI logs are ingested via tools like GITHUB_LIST_PULL_REQUESTS_FILES and GITHUB_DOWNLOAD_WORKFLOW_RUN_LOGS.
  • Boundary markers: The instructions do not specify any boundary markers or delimiters to isolate untrusted external content from the agent's instructions.
  • Capability inventory: The agent has the capability to write to the local filesystem, execute code fixes, and push commits to remote repositories.
  • Sanitization: No explicit sanitization or validation steps are defined for the logs or diff data before they are processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 30, 2026, 03:20 AM