create-pr

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection because it processes untrusted external data and has the capability to modify the codebase.
    • Ingestion points: The agent fetches PR comments, reviews, and CI failure logs using the GitHub CLI (gh) in scripts/poll-pr.sh, scripts/triage-pr.sh, and Phase 3 of SKILL.md.
    • Boundary markers: No markers or delimiters are used to isolate external content from the agent's internal reasoning process.
    • Capability inventory: The skill possesses significant capabilities, including git commit, git push, and gh pr merge, allowing it to modify and deploy code.
    • Sanitization: No sanitization or validation is applied to the content of logs or comments. An attacker who can influence CI logs or submit PR reviews could potentially inject instructions that the agent might execute while attempting to 'fix' the reported issues.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:37 PM