cicd-intelligent-recovery

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface detected (Category 8). The skill ingests untrusted data from GitHub Action logs and processes it using multiple AI agents to generate code fixes.
  • Ingestion points: Failure logs are retrieved via gh run view --log and parsed into .claude/.artifacts/parsed-failures.json in SKILL.md (Step 1).
  • Boundary markers: The prompt templates use simple text headers (e.g., "FAILURE DATA", "CODEBASE CONTEXT") but lack robust delimiters or explicit instructions to ignore embedded instructions within the ingested content.
  • Capability inventory: The skill has extensive permissions, including modifying files via git apply, pushing code to remote branches with git push, and creating Pull Requests using gh pr create (Steps 4 and 8).
  • Sanitization: There is no evidence of sanitization or validation of the log content before it is processed by the AI agents.
  • [EXTERNAL_DOWNLOADS]: The skill runs npx claude-flow@alpha throughout its SOP, which fetches and executes code from the NPM registry at run time. This is a dependency on an unverified package referenced by a floating tag rather than a pinned version, from a source the skill does not vet.
  • [COMMAND_EXECUTION]: The skill executes various shell commands including gh, git, and node to manage the CI/CD workflow, interact with the GitHub API, and apply automated code changes to the repository.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 07:18 AM