update-pr

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from GitHub pull requests without explicit boundary markers or safety instructions.
      • Ingestion points: The skill uses gh pr view <PR_NUMBER> --comments and gh pr diff <PR_NUMBER> to fetch external data (Step 2).
      • Boundary markers: Absent. There are no instructions for the agent to distinguish between its internal logic and the external instructions found in comments.
      • Capability inventory: The agent has the capability to execute shell commands via pnpm (test, build, lint), modify code via git, and interact with the GitHub API.
      • Sanitization: Absent. The instruction "Read and understand the feedback" (Step 3) explicitly encourages the agent to follow instructions provided in external comments, which could be malicious.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 09:56 PM