ci-generate

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses python3 -c "import yaml; yaml.safe_load(...)" in Phase 5 to validate the syntax of generated CI configurations. This is a local command execution limited to validation logic.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from project files (e.g., package.json) and web search results to generate configurations.
  • Ingestion points: Project configuration files and WebSearch results.
  • Boundary markers: Absent.
  • Capability inventory: File system writes and local command execution for validation.
  • Sanitization: Absent. This is a standard risk for tools performing codebase analysis.
  • [DATA_EXFILTRATION]: The skill reads project-level metadata to detect the technology stack. No sensitive data exfiltration or hardcoded credentials were found.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 08:42 PM
Security Audit — agent-trust-hub — ci-generate