skills/boshu2/agentops/pr-retro/Gen Agent Trust Hub

pr-retro

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill analyzes untrusted content from pull request reviews and comments, which could contain malicious instructions.
      • Ingestion points: SKILL.md uses gh pr view and gh api to fetch reviews and comments from external GitHub repositories.
      • Boundary markers: Absent. The instructions do not tell the agent to ignore or delimit instructions found within the PR data.
      • Capability inventory: The skill uses Bash, Write, and Read tools, providing a surface for actions if an injection is successful.
      • Sanitization: None. Data is processed as raw strings for pattern identification.
  • [Command Execution] (LOW): The skill uses shell commands with interpolated variables which could be exploited if not sanitized.
      • Evidence: SKILL.md instructs the agent to run gh pr list -R <owner/repo> and gh pr view <number>.
      • Risk: If an attacker provides a malicious string for the repository or PR number (e.g., repo; rm -rf /), it could lead to command injection depending on the agent's execution environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 20, 2026, 01:10 AM