fix-ci
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses high-priority instructional language (e.g., "MANDATORY IMPORTANT MUST", "NON-NEGOTIABLE") to define its internal execution flow and ensure the agent adheres to specific evidence-based reasoning protocols.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
- Ingestion points: External content from GitHub Actions logs is fetched using the
ghcommand (SKILL.md). - Boundary markers: Absent; there are no specific instructions or delimiters provided to help the agent distinguish between CI log output and control instructions.
- Capability inventory: The skill has the capability to modify files ("implementing the fix") and execute shell commands through the
testersubagent (SKILL.md). - Sanitization: Absent; the skill does not mention any sanitization, filtering, or validation of the log data before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill directs the agent to interact with the system via the GitHub CLI (
gh) and execute test suites, which involves running arbitrary shell commands determined during the debugging and fixing phase.
Audit Metadata