mergify-ci

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses eval to process shell-formatted output from the mergify ci git-refs command. This is a standard mechanism to export variables such as MERGIFY_GIT_REFS_BASE into the current shell session.
  • [DATA_EXFILTRATION]: The skill transmits test result metadata and JUnit XML content to https://api.mergify.com. This is the primary function of the tool and targets the official Mergify API.
  • [CREDENTIALS_UNSAFE]: Sensitive authentication is handled via the MERGIFY_TOKEN environment variable. The skill documentation explicitly recommends using GitHub Secrets or equivalent secure storage, which aligns with industry best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 01:30 PM