dependabot

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the GitHub CLI (gh) to manage repository state. It performs administrative actions on the mckinsey/agents-at-scale-ark repository, including creating integration branches via the Git Data API, retargeting pull requests using the Pulls API, and performing squash merges with administrative overrides (--admin).
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by reading and processing pull request titles.
    • Ingestion points: Pull request titles and metadata are retrieved via gh pr list in SKILL.md.
    • Boundary markers: The skill applies a filter to only ingest PRs from the official app/dependabot author. However, it lacks specific delimiters or instructions to treat the resulting titles as untrusted content.
    • Capability inventory: The agent has the capability to perform privileged repository operations including gh pr merge --admin and gh api PATCH requests (SKILL.md).
    • Sanitization: PR titles are processed without sanitization or validation before being incorporated into the agent's workflow.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 24, 2026, 07:18 AM