skills/gannonh/skills/pull-requests/Gen Agent Trust Hub

pull-requests

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh CLI and git for pull request management. It is designed to dynamically discover and execute local project commands (build, lint, test) from files such as package.json and Makefile to ensure PR quality.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface when fetching PR comments from GitHub.
      • Ingestion points: fetch_comments.py retrieves external comment text.
      • Boundary markers: The workflows include mandatory gates requiring the user to select which comments to address before any action is taken.
      • Capability inventory: Command execution via gh and git.
      • Sanitization: Relies on user confirmation as the primary security gate.
  • [SAFE]: The included create_pr_safe.py script implements a file-backed body mechanism. This follows security best practices by preventing shell interpolation vulnerabilities that occur when passing large markdown strings directly as command-line arguments.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 08:30 PM