Skills
skills/mgratzer/forge/forge-reflect-pr/Gen Agent Trust Hub

forge-reflect-pr

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local shell commands including git, grep, and gh to analyze the repository and manage GitHub issues. These operations are standard for development workflows and are performed within the local project context.
  • [PROMPT_INJECTION]: The skill processes untrusted data from git diffs and changed files, which represents an indirect prompt injection surface.
  • Ingestion points: Step 2 (git diff and changed file contents).
  • Boundary markers: None.
  • Capability inventory: git, grep, gh, and project-specific quality gate commands (lint, test).
  • Sanitization: None. The risk is mitigated by the skill's design, which requires user triage of all findings before taking significant actions.
  • [SAFE]: The skill includes explicit instructions to check for security vulnerabilities and hardcoded secrets. No malicious patterns, obfuscation, or unauthorized exfiltration to external domains were detected.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 08:45 AM