diagnosing-ci-and-merge-bottlenecks
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill serves as a guide for interpreting metadata from GitHub Actions and pull requests.
- [COMMAND_EXECUTION]: The skill relies on specific, named MCP tools and explicitly instructs the agent not to write SQL or execute arbitrary code, reducing the risk of injection attacks.
- [PROMPT_INJECTION]: No patterns of instruction override, safety filter bypass, or system prompt extraction were found.
- [DATA_EXFILTRATION]: The skill processes metadata (timings, statuses, author handles) intended for engineering analytics. There are no patterns involving the access of sensitive system files, environment variables, or unauthorized network endpoints.
- [INDIRECT_PROMPT_INJECTION]: While the skill processes untrusted data from GitHub (such as PR labels and author names), it primarily focuses on quantitative analysis (latencies, counts). The instructions include clear boundaries and warnings against over-interpreting stale or partial data.
Audit Metadata