github-pr-workflow

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill includes logic in SKILL.md to automatically harvest GitHub tokens from existing local configuration files, specifically ~/.hermes/.env and ~/.git-credentials, to authenticate API requests.
  • [COMMAND_EXECUTION]: The skill utilizes python3 -c within SKILL.md and references/ci-troubleshooting.md to dynamically execute inline Python scripts for parsing JSON responses and processing CI status data.
  • [PROMPT_INJECTION]: The skill describes an 'Auto-Fix Loop Pattern' that processes external CI logs to drive code modifications, creating an indirect prompt injection vulnerability surface.
  • Ingestion points: CI logs are downloaded from GitHub Actions via the API and stored in /tmp/ci-logs/ for processing (found in SKILL.md and references/ci-troubleshooting.md).
  • Boundary markers: Absent. The instructions do not specify any delimiters or safety warnings to separate external log content from agent instructions.
  • Capability inventory: The skill utilizes file modification and git operations, including patch, write_file, git commit, and git push (documented in SKILL.md).
  • Sanitization: Absent. Logs are downloaded and catted directly into the context without validation or sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:45 PM
Security Audit — agent-trust-hub — github-pr-workflow