github-pull-request-description
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill is designed to ingest and summarize PR diffs, which are untrusted external inputs.
- Ingestion points: PR diff data (implied by the skill's purpose).
- Boundary markers: Absent. The instructions do not define clear delimiters or warnings to ignore instructions embedded within the diff content.
- Capability inventory: No scripts are included, but the agent's environment likely grants read/write access to GitHub.
- Sanitization: Absent. There are no steps to escape or validate the contents of the diff before it is processed by the model.
Audit Metadata