enter-merge-queue
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard development commands including
git fetch,git rebase, andgit push --force-with-leaseto maintain and synchronize the PR branch state.\n- [COMMAND_EXECUTION]: It invokes local project tooling via./scripts/agents/tooling/agentTool.tsto perform GitHub API operations such as fetching PR metadata, managing review threads, and monitoring CI status.\n- [COMMAND_EXECUTION]: The skill runspnpm install,pnpm test, andpnpm lintto verify code integrity and regenerate lock files during conflict resolution processes.\n- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it ingests and acts upon PR titles, bodies, and review comments which can be influenced by external actors.\n - Ingestion points: PR metadata and review threads are fetched via
getPrInfoandgetReviewThreadsas described inSKILL.md.\n - Boundary markers: No explicit boundary markers or specific 'ignore instructions' warnings are identified when the agent processes the content of these threads.\n
- Capability inventory: The agent has the capability to modify code, force-push to the repository, and update the state of GitHub security alerts via the
agentTool.tswrapper.\n - Sanitization: Although
sanitizePrBodyis utilized to extract issue numbers, there is no general sanitization or filtering logic applied to the review text before the agent processes it.
Audit Metadata