skills/nvidia/megatron-lm/mcore-cicd/Gen Agent Trust Hub

mcore-cicd

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides various shell commands for the agent to use, including Git operations, GitHub CLI (gh) tasks, and standard Linux text processing utilities (grep, sed, wc). These are intended for legitimate repository maintenance and CI/CD troubleshooting.
  • [COMMAND_EXECUTION]: The documentation includes instructions for a script (tools/trigger_internal_ci.py) that performs a destructive remote write (force-push). The skill mitigates this risk by providing clear warnings and recommending a dry-run preflight check before execution.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to ingest and analyze untrusted external data.
  • Ingestion points: The skill uses gh pr view, gh pr diff, and gh run download to fetch pull request metadata, code changes, and CI logs in SKILL.md.
  • Boundary markers: No explicit boundary markers or "ignore embedded instructions" warnings are provided for the ingested content.
  • Capability inventory: The skill provides the agent with capabilities to execute shell commands, perform network requests via the GitHub CLI, and access the file system.
  • Sanitization: There are no instructions to sanitize or filter the content of PR diffs or CI logs before processing, though there is a recommendation to read large logs in chunks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 09:41 PM
Security Audit — agent-trust-hub — mcore-cicd