Skills
skills/lovstudio/dev-skills/lovstudio-gh-tidy/Gen Agent Trust Hub

lovstudio-gh-tidy

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from GitHub (issue titles, PR descriptions) which could contain malicious instructions designed to influence the agent's analysis or proposed actions.
  • Ingestion points: Data is fetched via gh issue list and gh pr list in SKILL.md.
  • Boundary markers: No explicit delimiters or warnings to ignore embedded instructions are present when processing fetched content.
  • Capability inventory: The skill can execute destructive actions including gh issue close, gh pr merge, gh pr close, git push origin --delete, and gh label delete as defined in Step 4 of SKILL.md.
  • Sanitization: No sanitization or validation of the fetched issue/PR content is specified before it is analyzed by the agent.
  • [COMMAND_EXECUTION]: The skill executes shell commands using the gh and git CLI tools to perform repository management.
  • Evidence: Step 4 of the workflow in SKILL.md lists commands for closing issues, merging/closing PRs, and deleting branches/labels.
  • Mitigation: The skill follows a "Human-in-the-loop" pattern, using AskUserQuestion in Step 3 to require explicit user confirmation before executing any destructive commands. It also includes a rule prohibiting deletion of protected branches.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 06:50 AM