nightly-sync
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from git commit logs, diffs, and CI job output to automate conflict resolution and status reporting.
  - Ingestion points: Data enters the context via `git log`, `git diff`, and `gh pr view` commands in Phase 1 and Phase 3.
  - Boundary markers: None explicitly defined for raw log output.
  - Capability inventory: Includes file system modifications (`git merge`, `git checkout`), network operations (`gh pr create`, `gh api`), and command execution (`docker run`).
  - Sanitization: Uses `jq` for structured data parsing, though raw git output is interpolated into PR descriptions.
- [EXTERNAL_DOWNLOADS]: The workflow pulls the `uv` package manager and utilizes the `nvcr.io/nvidia/pytorch` Docker image. These are official resources provided by the vendor (NVIDIA) and are used for dependency management and environment isolation.
- [COMMAND_EXECUTION]: The skill executes various system commands for git operations, GitHub API interactions, and code formatting (black, isort, pylint). These actions are limited to the scope of the development repository and the nightly sync purpose.
Audit Metadata