Skills
skills/fusengine/agents/pr-summary/Gen Agent Trust Hub

pr-summary

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes system commands including gh pr diff, gh pr view, gh pr status, and date. These commands are integral to its function of gathering pull request information for the user.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection via external pull request content.
  • Ingestion points: Untrusted data is retrieved from pull request diffs and comments using gh pr diff and gh pr view --comments.
  • Boundary markers: There are no delimiters or explicit instructions provided to the agent to treat the fetched data as untrusted or to ignore embedded instructions.
  • Capability inventory: The agent can execute GitHub CLI commands which could be manipulated if an injection is successful.
  • Sanitization: No sanitization, escaping, or schema validation is applied to the PR data before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 11:02 AM