Skills
skills/shipshitdev/library/gh-fix-ci/Gen Agent Trust Hub

gh-fix-ci

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the official GitHub CLI (gh) to interact with GitHub repositories. It executes commands to check authentication status, view pull request details, list checks, and fetch workflow run logs.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external data.
  • Ingestion points: The skill ingests untrusted data from GitHub Actions logs in SKILL.md via the gh run view --log command.
  • Boundary markers: There are no delimiters or instructions used to help the agent distinguish between log content and its own core instructions.
  • Capability inventory: The skill has the capability to propose and implement code changes in the user's repository (SKILL.md).
  • Sanitization: There is no mechanism described for sanitizing or validating the content of the logs before they are summarized and used to generate a fix plan.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 01:10 PM
Security Audit — agent-trust-hub — gh-fix-ci