gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interactively executes gh and git commands using subprocess.run. The implementation follows security best practices by passing arguments as a list rather than a single shell string, effectively preventing shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes GitHub Actions logs, which may contain attacker-influenced content.
    • Ingestion points: Untrusted data enters via gh run view --log and gh api calls in scripts/inspect_pr_checks.py.
    • Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed logs.
    • Capability inventory: The skill includes the ability to execute CLI tools and modify the local filesystem during the fix implementation phase.
    • Sanitization: The skill does not sanitize the logs before they are presented to the AI agent.
    • Mitigation: The workflow mandates that any fix must be reviewed and approved by the user before implementation, which serves as a critical safety barrier.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 28, 2026, 10:50 PM