moai-workflow-ci-loop

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes local shell scripts (e.g., scripts/ci-watch/run.sh, scripts/ci-autofix/log-fetch.sh) and the GitHub CLI (gh) to automate CI workflows.
  • [COMMAND_EXECUTION]: Performs automated Git operations, including commits and pushes for patches, with an explicit prohibition against force-pushing to maintain repository integrity.
  • [PROMPT_INJECTION]: Ingests untrusted external data from GitHub PR checks and CI logs, creating a surface for indirect prompt injection.
  • Ingestion points: Reads output from gh pr checks and CI failure logs via scripts/ci-autofix/log-fetch.sh.
  • Boundary markers: Not explicitly defined in the provided file.
  • Capability inventory: Execution of shell scripts, Git operations (commit/push), and local file reads/writes.
  • Sanitization: Uses classification logic to separate "mechanical" from "semantic" failures, escalating the latter to prevent execution of complex or potentially malicious logic hidden in logs.
  • [SAFE]: Implements a "Protected Files" policy that identifies sensitive paths (e.g., .env, credentials, .claude/settings.json) and explicitly blocks the automated system from modifying them.
  • [SAFE]: Communicates exclusively with GitHub, a well-known service, for workflow and PR management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 01:17 AM
Security Audit — agent-trust-hub — moai-workflow-ci-loop