pr-retro
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data by reading Pull Request reviews and comments via the GitHub CLI. This creates a surface for indirect prompt injection if an attacker embeds instructions in PR feedback.
  - Ingestion points: `gh pr view` and `gh api` commands in `SKILL.md` used to fetch review bodies and comments.
  - Boundary markers: Absent; the skill does not instruct the agent to use delimiters or ignore instructions within the fetched text.
  - Capability inventory: The skill possesses `Bash` and `Write` capabilities to execute CLI tools and save reports to the filesystem.
  - Sanitization: Absent; the skill does not describe any validation or escaping of the retrieved feedback text.
- [DATA_EXPOSURE]: The skill retrieves metadata and discussion content from private or public repositories. This is the intended primary purpose of the skill, and the data is used locally to generate retrospective documentation without being sent to unauthorized external domains.
Audit Metadata