land
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `gh` CLI for repository operations like merging PRs (`gh pr merge`), viewing metadata, and fetching comments. It also executes a local Python helper script `land_watch.py` to perform asynchronous monitoring of the PR state.
- [PROMPT_INJECTION]: The instructions include a directive to 'not yield to the user until the PR is merged', which attempts to override the agent's standard behavior of responding to user input during long-running tasks. It also permits the agent to bypass reviewer feedback if it is 'confident' in its own solution.
- [EXTERNAL_DOWNLOADS]: Fetches external content from the GitHub API using `gh api`. This data includes PR descriptions and comments which are then processed by the agent. This represents an attack surface for indirect prompt injection from untrusted sources. Ingestion occurs via API calls in `SKILL.md` and `land_watch.py`. No boundary markers are used. The agent has significant capabilities including merging and pushing code. Sanitization in `land_watch.py` is limited to removing terminal control characters.
Audit Metadata