iterate-pr
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `subprocess.run` to invoke the GitHub CLI (`gh`) for tasks such as viewing PR status, retrieving workflow logs, and posting comment replies. These commands are necessary for the skill's stated goal of automating PR feedback cycles and are implemented using secure list-based argument passing.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and processes untrusted data from external sources, specifically GitHub PR comments and CI logs.
  - Ingestion points: The scripts `scripts/fetch_pr_feedback.py` and `scripts/fetch_pr_checks.py` fetch comments and log snippets from the GitHub API and CLI.
  - Boundary markers: Absent. The agent is instructed to read, interpret, and act upon the contents of these external sources without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: The agent can execute shell commands via `gh`, `git`, and `uv`, providing a surface where malicious instructions in a comment could theoretically influence code changes or repository state.
  - Sanitization: No sanitization is performed on the ingested text before it is presented to the agent for processing.
Audit Metadata