pr-stacking
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The instruction 'sudo apt install gh' in SKILL.md requires root access, which poses a significant security risk if the agent environment is not strictly isolated.\n- [EXTERNAL_DOWNLOADS] (LOW): The skill downloads the GitHub CLI via trusted package managers (brew, apt) as specified in SKILL.md.\n- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to indirect prompt injection via external PR content.\n
- Ingestion points: PR descriptions and review feedback (references/workflow-steps.md).\n
- Boundary markers: None.\n
- Capability inventory: git push, git rebase, and gh pr create (write/execute actions).\n
- Sanitization: None.
Recommendations
- AI detected serious security threats
Audit Metadata