merge-pr
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a shell script located at scripts/pr-merge with a user-provided <PR> argument. If the agent does not validate this argument before passing it to the shell, an attacker-controlled value could lead to command injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests, and in one case executes, data read from local files.
- Ingestion points: The skill reads from .local/review.md, .local/review.json and .local/prep.md, and sources .local/prep.env.
- Boundary markers: There are no boundary markers around this content and no instructions to ignore commands embedded within these files.
- Capability inventory: The skill has the capability to execute scripts and source environment files, which can alter the agent's behavior or execute arbitrary shell code.
- Sanitization: No sanitization is performed on the contents of the files in the .local/ directory before .local/prep.env is sourced into the shell environment, so any shell code in that file runs with the skill's privileges.
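As an added illustration of the two findings above (this is not code from the merge-pr skill or from the audit), the following POSIX shell fragment shows the two checks a hardened wrapper around scripts/pr-merge would perform: accept <PR> only when it is a decimal number, and read .local/prep.env as plain KEY=VALUE data instead of sourcing it, so that file contents can never run as shell code. The function names, the constructed sample file, the whitelist of characters allowed in values, and the "would run" output are all assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the merge-pr skill's own code. Function names,
# sample data and the value whitelist are assumptions for illustration.

# Accept only a decimal PR number; anything else (empty, "123; id",
# "../x") is rejected so it can never reach the shell as code.
validate_pr() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Read an env-style file WITHOUT `.`/`source`. Each line must be
# KEY=VALUE with KEY a plain identifier and VALUE drawn from a
# conservative whitelist; blank lines and comments are skipped.
# Accepted lines are printed as KEY=VALUE; returns 1 if any line
# was rejected, so callers can refuse to continue.
load_env_safely() {
  file=$1
  rejected=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;
      *=*) ;;
      *) rejected=$((rejected + 1)); continue ;;
    esac
    key=${line%%=*}
    value=${line#*=}
    case "$key" in
      ''|[0-9]*|*[!A-Za-z0-9_]*) rejected=$((rejected + 1)); continue ;;
    esac
    # Whitelist: letters, digits, _ . / : @ -  (no $ ` ( ) ; | & space)
    case "$value" in
      *[!A-Za-z0-9_./:@-]*) rejected=$((rejected + 1)); continue ;;
    esac
    printf '%s=%s\n' "$key" "$value"
  done < "$file"
  [ "$rejected" -eq 0 ]
}

# Gate: refuse unless both the PR number and the env file pass.
# A real wrapper would then exec scripts/pr-merge; here we only print
# the command, passing the validated PR number as a single argument.
prepare_merge() {
  pr=$1
  envfile=$2
  validate_pr "$pr" || { echo "refusing: PR must be a number, got '$pr'" >&2; return 1; }
  load_env_safely "$envfile" >/dev/null || { echo "refusing: $envfile contains unsafe lines" >&2; return 1; }
  printf 'would run: scripts/pr-merge %s\n' "$pr"
}

# Constructed sample .local/prep.env: two benign settings and one line
# that would execute `id` if the file were sourced with `.`.
write_sample_env() {
  printf '%s\n' 'PR_BRANCH=feature/x' 'MERGE_METHOD=squash' 'NOTE=$(id > /tmp/pwned)' > "$1"
}
```

Accepted lines from load_env_safely can be applied one at a time with `export "$kv"` instead of sourcing the file; because the value whitelist excludes `$`, backticks, parentheses and separators, nothing in the file is ever interpreted by the shell.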
Audit Metadata