gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script 'scripts/inspect_pr_checks.py' uses 'subprocess.run' to execute 'git' and 'gh' commands. These commands are used to identify the repository root, verify authentication, resolve PR details, and fetch CI logs. While parameters are passed as list arguments, this pattern involves executing system binaries based on repository state and user-provided PR identifiers.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection vulnerability surface because it ingests untrusted data from GitHub Actions logs to inform agent decisions.
      • Ingestion points: External data enters the agent context through 'scripts/inspect_pr_checks.py', which retrieves log content via 'gh run view --log' and the GitHub API endpoint for job logs.
      • Boundary markers: There are no explicit delimiters or instructions provided in the scripts or the 'SKILL.md' workflow to isolate or ignore instructions that may be embedded within the external CI logs.
      • Capability inventory: The skill possesses the capability to execute shell commands and is intended to modify the local filesystem and interact with the remote repository to implement fix plans.
      • Sanitization: The tool performs no sanitization or filtering of the log snippets extracted from the external GitHub environment before they are processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 09:41 AM