learn-from-pr
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Command Execution]: The skill uses the GitHub CLI (gh) and filesystem commands (ls, find, grep) to extract information from pull requests and local session logs. These actions are restricted to information retrieval necessary for its primary function.
- [Indirect Prompt Injection Surface]: The skill analyzes data provided by external users in PR titles, bodies, and comments. If this data contains malicious instructions, it could potentially affect the quality or nature of the recommendations generated by the agent.
  1. Ingestion points: PR content and metadata from gh pr view in Step 1.
  2. Boundary markers: No explicit markers are mentioned to separate PR content from agent instructions.
  3. Capability inventory: Filesystem discovery (find, ls) and GitHub CLI commands.
  4. Sanitization: No specific filtering of PR content is implemented before processing.
Audit Metadata