work-with-pr
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution to automate development workflows.
- Uses
gitfor branching, worktree management (git worktree add/remove), and atomic commits. - Uses
gh(GitHub CLI) for PR creation, status checks (gh pr checks), and merging. - Uses
bunfor running tests, type checks, and build processes. - [EXTERNAL_DOWNLOADS]: The skill downloads external dependencies and interacts with remote services.
- Executes
bun installto fetch Node.js packages if a lockfile is detected. - Communicates with GitHub via Git and the GitHub CLI to sync code and manage PR resources.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the ingestion of external data.
- Ingestion points: Reads
TASK_SUMMARYfor branch naming and retrieves bot review comments from the GitHub API viagh apiinSKILL.md. - Boundary markers: None present to isolate interpreted instructions from data.
- Capability inventory: High-privilege command execution capabilities including file system modification, network access via CLI tools, and test execution.
- Sanitization: Input for branch names is sanitized using
trto ensure shell-safe characters; review logic uses username filtering (cubic-dev-ai[bot]) to verify the source of approval signals, which effectively mitigates common third-party spoofing attempts.
Audit Metadata