debugging-ci-failures
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various commands using the GitHub CLI (`gh`) and a vendor-specific tool (`hogli`). These commands are used to view PR status, download logs, and run local tests or linters (e.g., `gh pr view`, `hogli test`, `hogli format`). This is expected behavior for a CI debugging tool.
- [PROMPT_INJECTION]: The skill ingests untrusted data in the form of GitHub Action logs via `gh run view --log`. This creates a surface for indirect prompt injection. However, the skill effectively mitigates this risk through a comprehensive set of 'Safety rules' that explicitly prohibit any automated destructive or public-facing actions, such as pushing code, merging PRs, or posting comments, without explicit human approval.