monitor-ci
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a subshell within a command:
gh run list --branch $(git branch --show-current). If a branch name is maliciously crafted (e.g., containing semicolons or backticks), it could lead to arbitrary command execution depending on how the underlying platform handles shell expansion. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external, untrusted data from CI logs.
- Ingestion points: Failed CI job logs are fetched using
gh run view <run-id> --log-failedand provided to the agent for categorization and summarization. - Boundary markers: There are no specified delimiters or instructions to ignore potential commands embedded within the log files.
- Capability inventory: The skill possesses the ability to execute shell commands (
gh,git) and read repository state. - Sanitization: No sanitization or filtering of the log content is performed before the agent processes and summarizes the data.
Audit Metadata