pr-merge
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (SAFE): Indirect Prompt Injection Surface. The skill ingests untrusted data from GitHub pull request titles, descriptions, and file content. This exposure is necessary for its primary purpose of PR management. The skill effectively mitigates risk through strict behavioral guidelines that prohibit merging when CI/CD fails or required reviews are missing, regardless of any instructions embedded in the PR data.\n
- Ingestion points: Data enters through
mcp__github-mcp__get_pull_requestand related tools as described inSKILL.md.\n - Boundary markers: None identified in the prompt templates.\n
- Capability inventory:
mcp__github-mcp__merge_pull_requestprovides write access to the repository.\n - Sanitization: None specified, relying on internal validation logic and LLM safety guardrails.\n- [NO_CODE] (SAFE): No executable code or external dependencies. The skill consists entirely of markdown instructions and relies on pre-installed MCP tools, which reduces the attack surface for remote code execution, persistence, or malicious package inclusion.
Audit Metadata