Skills
skills/code-yeongyu/oh-my-openagent/work-with-pr/Gen Agent Trust Hub

work-with-pr

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and acting upon untrusted data from external sources.
  • Ingestion points: The agent reads external content via gh run view --log-failed (CI logs) and gh api (automated bot reviews from cubic-dev-ai[bot]).
  • Boundary markers: No explicit delimiters or instructions are used to separate user-provided task instructions from the potentially adversarial content found in logs or review bodies.
  • Capability inventory: The agent possesses high-privilege capabilities including the ability to execute shell commands (git, gh, bun), write files in the worktree, and push code to the remote repository.
  • Sanitization: The skill lacks sanitization or validation logic to ensure that processed logs or reviews do not contain malicious instructions intended to manipulate the agent's behavior.
  • [COMMAND_EXECUTION]: The skill performs automated execution of commands that interact with the local filesystem and remote repository.
  • It executes bun install, bun test, and bun run build within the newly created worktree. This executes code defined within the repository's configuration files, which is a necessary but high-capability operation for a development agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 08:29 AM