writing-checks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill establishes a surface for Indirect Prompt Injection (Category 8) by instructing agents to review untrusted content from Pull Requests.
- Ingestion points: Pull request diffs and repository source files (SKILL.md).
- Boundary markers: The instructions do not specify using delimiters or 'ignore embedded instructions' markers when the agent processes the diff.
- Capability inventory: Access to repository files, bash command execution (including 'custom scripts'), browser access, and GitHub CLI (gh) access (SKILL.md).
- Sanitization: No sanitization or validation of the PR diff content is mentioned or encouraged.
- COMMAND_EXECUTION (SAFE): The skill documents the intended capability of the 'Continue' platform to run bash commands for PR verification. While this is a powerful capability, it is presented as a primary feature of the tool rather than a hidden or malicious vector in the skill's own logic.
Audit Metadata