Security risk report for @forgecat/openai_skills_gh-fix-ci v0.0.10
Source Integrity
Low
Profile is sourced from OpenAI's official skills repository (https://github.com/openai/skills), a known and trusted upstream.
Metadata includes verifiable commit hash and timestamp, supporting supply-chain transparency.
Agent Intent
Low
The skill describes legitimate debugging workflow: inspect PR checks, summarize failures, draft a plan, and implement only after explicit user approval.
No instructions to exfiltrate credentials, read sensitive files, ignore user instructions, or hide its own behavior.
The bundled Python script is scoped to GitHub Actions log inspection and failure summarization; no evidence of guidance poisoning or malicious knowledge injection.
Details
Evidence
"draft a fix plan, and implement only after explicit approval"
"Treat external providers (for example Buildkite) as out of scope and report only the details URL"
"If unauthenticated, ask the user to run `gh auth login`" — defers to user consent
Permissions
PRM-000Medium
The skill invokes shell commands (`gh`, `python`, `gh api`) and reads log files, which constitutes medium-to-high shell/file-read authority.
Running a bundled Python script (`inspect_pr_checks.py`) via the agent introduces a subagent/script-execution surface that is broader than a pure read-only query tool.
However, these capabilities are directly aligned with the stated CI-debugging purpose and no write/delete/mutate operations on source files are performed without explicit user approval.