regression-testing
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the GitHub CLI (gh) to trigger workflows (gh workflow run), monitor their progress (gh run watch), and fetch metadata (gh run view). These operations are essential for the skill's stated purpose of CI/CD orchestration.
- [EXTERNAL_DOWNLOADS]: Test reports and failure evidence (Allure results, Playwright traces) are downloaded from GitHub Actions artifacts using gh run download. Because these downloads are sourced from a well-known and trusted service (GitHub), they do not represent a security risk.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it parses and classifies external data from test logs and report JSON files. An attacker with the ability to influence test output could attempt to inject instructions into the analysis phase.
  - Ingestion points: gh run view --log-failed and gh run download for Allure/Playwright results.
  - Boundary markers: None provided to distinguish test data from agent instructions.
  - Capability inventory: Ability to trigger workflows, create GitHub issues, and generate local reports.
  - Sanitization: No explicit sanitization of log content is performed before processing.
Audit Metadata