Peter Ci Gate

Security checks across malware telemetry and agentic risk

Overview

This is a transparent GitHub CI helper, with the main caution that it may rerun a flaky workflow once.

Before installing, make sure you are comfortable with the skill using your GitHub CLI login to inspect PR checks and failed logs. Treat any workflow rerun as a remote state-changing action and ask the agent to confirm before running it.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Low

Confidence: 93% confidence
Finding: The skill explicitly includes a state-changing remote action (`gh run rerun <run-id>`) but does not require explicit user confirmation or warn that it will modify CI workflow state. In a CI gate context, rerunning jobs can consume resources, alter audit trails, and create pressure to treat a flaky rerun as sufficient evidence for merge readiness, so the omission is security-relevant even if the action is operationally legitimate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal