flake
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various "gh" (GitHub CLI) commands to interact with pull requests, workflow runs, and logs. It includes capabilities to cancel runs and trigger job reruns.
- [DATA_EXFILTRATION]: The skill reads GitHub Actions logs and pull request metadata to extract failure signatures. This information is processed and written back to a tracking issue within the same repository.
- [PROMPT_INJECTION]:
- Ingestion points: Untrusted content is ingested from GitHub Actions logs, pull request titles, and the existing body of tracking issue #8375.
- Boundary markers: There are no explicit delimiters or markers used to isolate untrusted data (like logs or PR titles) from the agent's instructions.
- Capability inventory: The agent can modify issue content, cancel workflows, and rerun failed jobs via the GitHub CLI.
- Sanitization: Instructions mandate the creation of normalized failure signatures (e.g., removing timestamps), which provides a basic form of data sanitization.
Audit Metadata