1k-monitor-pr-ci
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill in SKILL.md processes untrusted data from GitHub pull request comments and CI failure logs to drive its automated fixing logic.
  1. Ingestion points: PR-level reviews, inline code comments, and CI failure logs (Steps 2, 3, and 4).
  2. Boundary markers: None identified; the skill does not use specific delimiters to isolate external content from its decision-making instructions.
  3. Capability inventory: The skill has high permissions to modify source code, create commits, and push to remote branches (Step 3).
  4. Sanitization: None identified; logs and comments are parsed and interpreted without validation.
- [COMMAND_EXECUTION]: The skill in SKILL.md uses the GitHub CLI (gh) and Git to monitor status and perform repository operations. This includes automated commits and pushes, which are driven by the skill's interpretation of external PR data.
Audit Metadata