decompose-pr
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) and git to read pull request data, create branches, and apply commits. It also invokes build and verification tools such as npm, cargo, black, and gofmt to validate the code state.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes untrusted data from external Pull Requests.
- Ingestion points: Pull Request metadata and code diffs are fetched from GitHub using
gh pr viewandgh pr diffin Phase 1 and Phase 3. - Boundary markers: The skill does not provide specific delimiters or instructions to the agent to ignore instructions that might be embedded in the PR title, body, or diff.
- Capability inventory: The skill is capable of executing shell commands and local build scripts, as well as performing file system operations via git.
- Sanitization: No sanitization or filtering is performed on the data retrieved from the Pull Request.
- [EXTERNAL_DOWNLOADS]: The skill interacts with GitHub's official CLI and repositories, which are recognized as well-known and trusted services.
Audit Metadata