Skills
skills/backnotprop/plannotator/review-renovate/Gen Agent Trust Hub

review-renovate

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill consumes data from external Pull Requests, creating a surface for indirect prompt injection where instructions embedded in PR content could attempt to influence agent behavior.
  • Ingestion points: PR metadata (titles, bodies) and file diffs are ingested through the gh CLI as described in the metadata and diff retrieval steps.
  • Boundary markers: No explicit delimiters are used to separate external data from internal logic or to instruct the agent to ignore instructions within the PR content.
  • Capability inventory: The skill utilizes the gh CLI for API calls and has filesystem read access for workflow inspection.
  • Sanitization: No sanitization of the PR content is performed before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 05:18 AM