moai-workflow-ci-loop
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Executes local shell scripts (e.g.,
scripts/ci-watch/run.sh,scripts/ci-autofix/log-fetch.sh) and the GitHub CLI (gh) to automate CI workflows. - [COMMAND_EXECUTION]: Performs automated Git operations, including commits and pushes for patches, with an explicit prohibition against force-pushing to maintain repository integrity.
- [PROMPT_INJECTION]: Ingests untrusted external data from GitHub PR checks and CI logs, creating a surface for indirect prompt injection.
- Ingestion points: Reads output from
gh pr checksand CI failure logs viascripts/ci-autofix/log-fetch.sh. - Boundary markers: Not explicitly defined in the provided file.
- Capability inventory: Execution of shell scripts, Git operations (commit/push), and local file reads/writes.
- Sanitization: Uses classification logic to separate "mechanical" from "semantic" failures, escalating the latter to prevent execution of complex or potentially malicious logic hidden in logs.
- [SAFE]: Implements a "Protected Files" policy that identifies sensitive paths (e.g.,
.env,credentials,.claude/settings.json) and explicitly blocks the automated system from modifying them. - [SAFE]: Communicates exclusively with GitHub, a well-known service, for workflow and PR management.
Audit Metadata