Skills
skills/sd0xdev/sd0x-dev-flow/watch-ci/Gen Agent Trust Hub

watch-ci

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and summarizes output from gh run view --log-failed, which can contain arbitrary text from CI logs controlled by the code being tested.
  • Ingestion points: External data enters the context via gh run list and gh run view output from the repository under test in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters to isolate the untrusted log data from the agent's system prompt.
  • Capability inventory: The skill utilizes Bash (for gh and git tools) and the Monitor tool to track run progress.
  • Sanitization: The skill does not describe any sanitization or validation logic for the content retrieved from the GitHub CLI.
  • [COMMAND_EXECUTION]: The skill uses bash variables to store and interpolate user-provided arguments into shell commands. Specifically, parameters like --branch, --sha, and --interval are passed directly into gh commands, which is a standard pattern that requires careful handling to prevent shell injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 07:24 PM