mcore-cicd
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides various shell commands for the agent to use, including Git operations, GitHub CLI (`gh`) tasks, and standard Linux text processing utilities (`grep`, `sed`, `wc`). These are intended for legitimate repository maintenance and CI/CD troubleshooting.
- [COMMAND_EXECUTION]: The documentation includes instructions for a script (`tools/trigger_internal_ci.py`) that performs a destructive remote write (force-push). The skill mitigates this risk by providing clear warnings and recommending a dry-run preflight check before execution.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to ingest and analyze untrusted external data.
- Ingestion points: The skill uses `gh pr view`, `gh pr diff`, and `gh run download` to fetch pull request metadata, code changes, and CI logs in SKILL.md.
- Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are provided for the ingested content.
- Capability inventory: The skill provides the agent with capabilities to execute shell commands, perform network requests via the GitHub CLI, and access the file system.
- Sanitization: There are no instructions to sanitize or filter the content of PR diffs or CI logs before processing, though there is a recommendation to read large logs in chunks.
Audit Metadata