pr-pilot

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute Git and GitHub CLI (gh) commands for branch management, PR creation, rebasing, and merging. These operations are core to the skill's stated purpose.
  • [PROMPT_INJECTION]: The skill is potentially vulnerable to indirect prompt injection because it ingests external data from PR comments and CI logs through the /pr-review-fixer skill. A malicious actor could provide instructions within a PR comment that the agent might inadvertently follow.
      • Ingestion points: PR comments and CI logs fetched via gh and processed by the /pr-review-fixer skill.
      • Boundary markers: Absent. The workflow does not explicitly delimit untrusted input from instructions.
      • Capability inventory: The skill has access to Bash, Write, and Edit tools, allowing it to modify the filesystem and execute shell commands.
      • Sanitization: None detected. The skill relies on the underlying LLM's safety filters when processing the external data.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 11:17 PM