fixing
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from several sources, including local application logs (
references/workflow-logs.md), GitHub Action logs fetched via theghCLI (references/workflow-ci.md), and visual assets analyzed via multimodal capabilities (references/workflow-ui.md). These inputs could be manipulated to contain instructions aimed at misleading the agent. While the skill employs high-capability tools like aBashsubagent and agit-manager, the provided templates do not include specific boundary markers or sanitization steps to isolate these external inputs from the agent's core instructions. - [COMMAND_EXECUTION]: The skill relies on a
Bashsubagent to execute local commands for verification, such asnpm test,bun run typecheck, andpytest. These executions are central to the 'fixing' workflow but involve dynamic command generation based on the agent's analysis of the environment and logs. - [EXTERNAL_DOWNLOADS]: The skill retrieves build and test logs from GitHub using the
ghCLI in the CI/CD workflow (references/workflow-ci.md). This involves fetching data from a well-known service to facilitate remote debugging. - [DATA_EXFILTRATION]: Analysis of network and file operations shows no evidence of sensitive data being sent to unauthorized external domains. Operations are restricted to local file access and interactions with the official GitHub API via standard tooling.
Audit Metadata