process-pr
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands using git and the GitHub CLI (gh) to manage the repository state, verify PR status, and perform merges.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the repository.
  - Ingestion points: The agent reads content from pull request bodies, issue titles/descriptions, and code diffs using commands like gh pr view, gh issue view, and gh pr diff in Phase 2.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when the agent processes the external text.
  - Capability inventory: The agent has the capability to perform significant repository actions based on its evaluation of this data, including gh pr merge, gh issue close, and modifying PR/Issue labels.
  - Sanitization: There is no evidence of sanitization or filtering applied to the text retrieved from the GitHub API before it is analyzed by the agent.
Audit Metadata