pr-trends

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/report-pr-trends.mjs invokes the git and gh (GitHub CLI) binaries using execFileSync to gather repository metadata. This execution is scoped to common developer operations required for the skill's primary purpose.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes and displays untrusted data, specifically git commit subjects and pull request titles, in its final report.
    • Ingestion points: Commit subjects and PR titles are retrieved from git log and gh pr list in scripts/report-pr-trends.mjs.
    • Boundary markers: Data is output in a tabular format without specific markers to distinguish untrusted content from system instructions.
    • Capability inventory: The skill has the ability to execute git and GitHub CLI commands and read repository state.
    • Sanitization: There is no filtering or escaping of commit subjects or PR titles before they are printed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 02:15 AM