e2e-ci-trace-debug
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses the official GitHub CLI (
gh) to perform repository operations such as checking PR status, viewing failed run logs, and managing artifacts. These commands are restricted to the context of the current repository and are standard for CI/CD diagnostics. - [EXTERNAL_DOWNLOADS]: Fetches test artifacts (Playwright traces) from GitHub's servers using
gh run download. The instructions specify downloading these files into a temporary directory (/tmp) to prevent modification of the repository's source tree. - [REMOTE_CODE_EXECUTION]: Utilizes
npx playwright show-traceto inspect downloaded test results. This executes a well-known diagnostic tool from a trusted vendor (Playwright/Microsoft) to analyze local trace files. - [DATA_EXFILTRATION]: Includes explicit safety guidelines advising the agent not to capture or store sensitive data (like credentials or API keys) found within trace screenshots or network logs, emphasizing that failures should be reported as environment issues rather than hardcoded into the codebase.
- [PROMPT_INJECTION]: The skill processes untrusted external data (CI logs and trace files) which serves as an ingestion point for indirect prompt injection.
- Ingestion points: CI logs viewed via
gh run viewand Playwright traces viewed vianpx playwright show-trace(documented in SKILL.md and references/ci-diagnosis.md). - Boundary markers: Not explicitly defined for the log data parsing steps.
- Capability inventory: Shell execution capabilities via
gh(repo management),git(committing fixes), andnpx(diagnostic tools) across multiple workflow scripts. - Sanitization: No specific sanitization or filtering is mentioned for the processed log content, though the skill focuses on human-in-the-loop diagnostic patterns.
Audit Metadata