buildkite-logs
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches build metadata, logs, and artifacts from the official Buildkite API (api.buildkite.com). These downloads are performed from a well-known service and are necessary for the skill's primary functionality.
- [COMMAND_EXECUTION]: Uses standard command-line tools including curl for network requests, jq for processing JSON data, and grep/rg for searching through logs. All commands are used according to their intended purpose for CI log analysis.
- [PROMPT_INJECTION]: The skill processes untrusted data from external Buildkite CI logs. Ingestion points: log content retrieved via curl in SKILL.md. Boundary markers: None. Capability inventory: curl, jq, grep, rg. Sanitization: None. This represents a potential surface for indirect prompt injection, but the risk is assessed as low given the skill's specific utility and the nature of the data processed.
Audit Metadata