octocat
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local system using git and gh CLI commands to manage repositories and GitHub workflows, including interactive rebasing and writing temporary files to /tmp/ for PR body management.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted data from GitHub. 1. Ingestion points: Processes pull request descriptions, issue content, and CI log outputs via gh commands. 2. Boundary markers: No explicit delimiters or ignore instructions are used for isolation of external data. 3. Capability inventory: Subprocess execution for git and gh tools. 4. Sanitization: No validation or sanitization of data retrieved from external sources is performed.
Audit Metadata