github-activity-report
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes GitHub Pull Request titles and descriptions which are external, untrusted data, creating a surface for indirect prompt injection.
  - Ingestion points: The `scripts/fetch_pr_details.sh` script retrieves PR titles and body text from the GitHub API for analysis in Step 3 of the workflow.
  - Boundary markers: The `SKILL.md` instructions lack explicit boundary delimiters or warnings to the agent to ignore instructions embedded within the fetched PR content.
  - Capability inventory: The skill has the authority to execute shell scripts and write Markdown files to the local file system.
  - Sanitization: There is no evidence of content sanitization or filtering to prevent malicious PR descriptions from affecting the agent's output or subsequent actions.
Audit Metadata