iterate-pr
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
- Ingestion points: Untrusted data enters the context via
gh apicalls for PR comments andgh run view --log-failedfor CI logs (SKILL.md, Steps 3 and 4). - Boundary markers: Absent. There are no delimiters or explicit instructions to ignore potentially malicious directions embedded in the comments or logs.
- Capability inventory: The skill has the ability to modify local source code (
git add -A) and push changes to a remote repository (git push) (SKILL.md, Step 7). - Sanitization: Absent. The skill relies on the agent's judgment to 'verify the issue is real' but provides no technical sanitization or filtering of the ingested text before it influences decision-making.
- [COMMAND_EXECUTION] (SAFE): The skill executes
gitandghcommands. While these allow for repository modification, they are necessary for the skill's primary purpose and do not involve high-risk patterns like privilege escalation or arbitrary script execution from remote sources.
Audit Metadata