work-with-pr
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the git lifecycle and interact with the GitHub API.
- Uses
git worktreeandgit branchfor isolated development environments. - Uses the GitHub CLI (
gh) to view repository metadata, monitor PR checks, fetch logs, and merge pull requests. - [EXTERNAL_DOWNLOADS]: The skill invokes
bun install, which downloads project dependencies from the standard NPM registry when abun.lockfile is present. - [REMOTE_CODE_EXECUTION]: The skill runs local project scripts (
bun test,bun run typecheck,bun run build) to validate changes. This executes code defined within the repository being processed. - [PROMPT_INJECTION]: The skill implements an automated feedback loop that parses external content from CI logs and PR review comments to generate code fixes, which is a surface for indirect prompt injection.
- Ingestion points: Reads CI run logs via
gh run view --log-failedand PR review bodies fromcubic-dev-ai[bot]viagh api. - Boundary markers: No explicit boundary markers or delimiters are used to wrap the ingested log or review content before processing.
- Capability inventory: The skill has the ability to modify the local filesystem, execute shell commands, and push code changes to remote repositories.
- Sanitization: There is no evidence of sanitization, filtering, or validation performed on the ingested logs or review comments before they are used to influence the agent's implementation logic.
Audit Metadata