gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in scripts/inspect_pr_checks.py to execute git and gh commands. These calls use list-based arguments without a shell, which is a secure practice that prevents shell injection.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data in the form of GitHub Actions logs. This creates a surface for indirect prompt injection if an attacker can control the log output. However, the risk is mitigated by the requirement for explicit user approval before the agent implements any proposed fixes.
      • Ingestion points: GitHub Actions logs are fetched by scripts/inspect_pr_checks.py via gh run view --log and the GitHub API.
      • Boundary markers: The prompt instructions do not specify explicit delimiters for the untrusted log content.
      • Capability inventory: The agent has the capability to write files and execute commands to implement fixes, though this is gated by user approval.
      • Sanitization: No specific sanitization or filtering of the log content is performed beyond extracting relevant failure snippets.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 03:02 PM