prepare-pr
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local scripts (scripts/pr-prepare and scripts/committer) to manage the PR lifecycle. These scripts handle environment setup, execution of validation tests (gates), and pushing changes to the remote repository. These are standard automation components within this developer workflow.
- [PROMPT_INJECTION]: The skill processes data from .local/review.json, which contains findings and suggested fixes from external PR reviews. This creates a surface for indirect prompt injection.
  - Ingestion points: Data is ingested from .local/review.json using jq commands in SKILL.md.
  - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present when the agent is directed to resolve findings.
  - Capability inventory: The agent has the ability to execute repository-level scripts (scripts/pr-prepare, scripts/committer) and perform Git operations (commit, push).
  - Sanitization: No explicit sanitization or validation of the content within the JSON review file is performed before the agent acts on the 'fix' instructions.
Audit Metadata