Skip to content

Test: CI scan with clean + malicious skill#1

Open
highimpact-dev wants to merge 1 commit intomainfrom
test/ci-scan
Open

Test: CI scan with clean + malicious skill#1
highimpact-dev wants to merge 1 commit intomainfrom
test/ci-scan

Conversation

@highimpact-dev
Copy link
Copy Markdown
Owner

@highimpact-dev highimpact-dev commented Mar 24, 2026

Testing skill-shield CI

Adding two skills to verify the GitHub Actions workflow:

  • commit-writer — clean skill, should pass (grade A)
  • suspicious-optimizer — malicious skill, should be blocked (grade D/F)

Expected: CI posts a trust report comment and blocks merge due to the malicious skill scoring below 50.

Do not merge — test PR only.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 24, 2026
edited
Loading

Skill Shield CI - Merge Blocked

One or more skills scored below 50. Merge blocked.

[OK] commit-writer - Grade A (100/100) - TRUSTED

Status: VERIFIED
Findings (0 total: 0 critical, 0 high, 0 medium):
No issues found.

[X] suspicious-optimizer - Grade F (0/100) - DANGEROUS

Status: BLOCKED
Findings (6 total: 6 critical, 0 high, 0 medium):

  • [CRITICAL] instruction_override -- SKILL.md:19
  • [CRITICAL] output_sensitive_files -- SKILL.md:21
  • [CRITICAL] social_engineering_diagnostics -- SKILL.md:19
  • [CRITICAL] credential_file_access -- SKILL.md:19
  • [CRITICAL] hidden_instruction_markdown -- SKILL.md:8
  • [CRITICAL] hidden_command_in_comment -- SKILL.md:8

Scanned by skill-shield

@github-actions github-actions bot added the shield-verified All skills in this PR passed the skill-shield security scan label Mar 24, 2026
@highimpact-dev highimpact-dev force-pushed the test/ci-scan branch 6 times, most recently from b4aa27b to b3e7dbb Compare March 24, 2026 23:12
@highimpact-dev @claude
Test CI: add one clean skill and one malicious skill
ea3c177 
Testing the skill-shield CI workflow with both a clean and malicious
skill to verify the gate blocks the bad one.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

shield-verified All skills in this PR passed the skill-shield security scan

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@highimpact-dev