status-updates
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The `pr-evidence.md` file defines a bash command template that interpolates a user-provided GitHub username.
  - Evidence: `gh search prs --author <github-username> --created ">=$SINCE"` in `pr-evidence.md`.
  - Risk: If the agent does not sanitize the `<github-username>` input, an attacker could provide a payload (e.g., using backticks or semicolons) to execute arbitrary commands on the host system.
- [PROMPT_INJECTION] (LOW): The skill is designed to ingest and process untrusted external data from GitHub Pull Requests (titles, files, etc.).
  - Ingestion points: `pr-evidence.md` (via `gh search prs` command output).
  - Boundary markers: Absent; the instructions do not specify using delimiters or warnings to ignore instructions within the retrieved PR data.
  - Capability inventory: The skill has access to shell execution (`gh` CLI) and text generation to draft updates.
  - Sanitization: No explicit sanitization or filtering of the ingested PR content is mentioned.
  - Risk: Maliciously crafted PR titles or file names could attempt to influence the agent's behavior during the status update drafting process.
Audit Metadata