ci-cd-and-automation
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill encourages a feedback loop where the agent processes external CI/CD failure logs to perform fixes and re-commits.
- Ingestion points: CI failure output pasted into the agent prompt (SKILL.md).
- Boundary markers: None provided in the instruction templates to separate untrusted logs from instructions.
- Capability inventory: The agent is expected to perform file-writes and potentially shell execution to fix bugs and push code.
- Sanitization: No specific sanitization or validation of the log content is mentioned.
- [DATA_EXPOSURE]: The skill correctly identifies and promotes best practices for secret management, specifically advising against hardcoding credentials and using GitHub Secrets or dedicated vaults instead.
- [EXTERNAL_DOWNLOADS]: The skill references standard, well-known GitHub Actions (actions/checkout, actions/setup-node) and official CLI tools (Vercel, Playwright) which are expected for its stated purpose.
Audit Metadata