apollo-ci-integration
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: Reads and edits files within the project repository as described in
SKILL.mdandreferences/implementation-guide.md. - Boundary markers: None identified; repository content is processed without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: Includes
Bash,gh,curl, and fileWrite/Editpermissions as defined in theallowed-toolsofSKILL.md. - Sanitization: No sanitization or validation of the ingested repository content is performed before processing.
- [DATA_EXFILTRATION]: Performs network requests to
api.apollo.iofor status checks and integration tests, and to Slack for build alerts. These interactions target well-known services associated with the skill's purpose. - [COMMAND_EXECUTION]: Employs the GitHub CLI (
gh) for managing repository secrets andcurlfor connectivity checks in the workflow templates provided inSKILL.mdandreferences/implementation-guide.md. - [EXTERNAL_DOWNLOADS]: Pulls official and well-known GitHub Actions, such as
actions/checkout,actions/setup-node, andslackapi/slack-github-action, from the GitHub Actions marketplace. - [CREDENTIALS_UNSAFE]: Includes a validation script in
references/implementation-guide.mdthat passes an API key in a URL query parameter (?api_key=$APOLLO_API_KEY). This is a best-practice violation as sensitive keys transmitted in URLs may be recorded in server or proxy logs.
Audit Metadata