ci-auto-fix
Warn
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using user-provided input (e.g., run IDs, PR numbers, repository owners) without specifying validation or sanitization logic. This creates a risk of command injection if a user provides malicious strings as input.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection:
  - (1) Ingestion points: The agent reads and analyzes potentially attacker-controlled content from GitHub Action logs (via gh run view --log-failed) and PR metadata.
  - (2) Boundary markers: Absent.
  - (3) Capability inventory: The skill has extensive capabilities, including file modification, committing changes, and pushing to remote repository branches (git push).
  - (4) Sanitization: Absent. The agent is instructed to determine fixes based directly on log content, which could contain malicious instructions designed to trick the agent into injecting vulnerabilities or exfiltrating data.