skills/mizchi/skills/gh-fix-ci/Gen Agent Trust Hub

gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the GitHub CLI (gh) and a bundled Python script (scripts/inspect_pr_checks.py) to gather PR information and logs. This involves running system commands with arguments derived from the repository state and user input. The script uses argument lists for subprocess calls, which is a safe practice against shell injection.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection due to its reliance on external data from GitHub Actions logs.
    • Ingestion points: GitHub Actions logs are fetched and parsed in scripts/inspect_pr_checks.py to extract failure snippets.
    • Boundary markers: None present. The SKILL.md instructions do not provide delimiters or instructions to the agent to treat log content as untrusted data.
    • Capability inventory: The agent is instructed to draft and implement fix plans (involving file system writes) based on the analyzed logs.
    • Sanitization: Log data is processed as raw text and presented to the agent without filtering or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 03:45 AM