yeet
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The workflow explicitly directs the agent to "run pr-body.md", which is a temporary file containing the PR description. Because this description is dynamically generated from repository diffs, an attacker could inject shell commands into code comments that would then be executed by the agent when it attempts to "run" the file.
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to "install dependencies" if repository checks fail. This allows a potentially malicious repository to trigger the installation of arbitrary packages from external registries, presenting a significant supply chain risk.
- [COMMAND_EXECUTION]: The use of
GH_PROMPT_DISABLED=1andGIT_TERMINAL_PROMPT=0suppresses all interactive confirmation and security prompts. This removes critical human-in-the-loop safeguards, allowing the agent to perform automated actions, such as pushing code or creating PRs, without verification. - [DATA_EXFILTRATION]: The instruction to use
git add -Afollowed by a push to a remote origin automatically stages and exfiltrates all local changes. This includes the risk of unintentionally uploading sensitive information like environment variables, local secrets, or configuration files that have not been reviewed.
Recommendations
- AI detected serious security threats
Audit Metadata