cmd-fix-pr-chechers
Warn
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION]: The skill includes an instruction to "Run autonomously without approval checkpoints," which is a direct attempt to bypass standard human-in-the-loop safety protocols and user oversight for high-impact actions like code modification.
- [COMMAND_EXECUTION]: The skill executes potentially dangerous repository operations, including creating worktrees, committing changes, and performing a remote `git push` to the project repository.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from external data sources.
  - Ingestion points: The agent reads failing GitHub Actions logs using `gh run view --log-failed`, which can contain arbitrary text from the build environment or external PR contributors.
  - Boundary markers: No delimiters or specific instructions are provided to the agent to treat the log content as untrusted data or to ignore instructions embedded within the logs.
  - Capability inventory: The agent has full access to the source code within the worktree and the ability to push modifications back to the remote branch.
  - Sanitization: There is no evidence of sanitization or validation of the errors/logs before they are used to generate code "fixes".
Audit Metadata