skills/lvlup-sw/exarchos/shepherd/Gen Agent Trust Hub

shepherd

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill implements a legitimate development workflow for managing Pull Requests. It utilizes authenticated MCP server tools for VCS operations and standard CLI utilities (git, npm, gh) for local task execution. No malicious code, credential harvesting, or unauthorized network activity was detected.
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of pull request comments and CI logs, which constitutes a surface for indirect prompt injection. This is a standard characteristic of development-oriented agents interacting with VCS platforms.
      • Ingestion points: SKILL.md (Step 2 — Fix) and references/fix-strategies.md (Reading Comments) via get_review_comments and CI output logs.
      • Boundary markers: The instructions do not specify the use of delimiters or instructions to ignore embedded prompts within the processed content.
      • Capability inventory: The agent can modify the repository state via MCP actions (merge_pr, update_pull_request, add_pr_comment) and execute local shell commands (npm run, git push).
      • Sanitization: No explicit sanitization or filtering of external content is required before the agent processes the information.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 04:36 AM