land
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- GitHub CLI Integration: The skill executes commands using the `gh` tool to interact with pull requests. This includes viewing metadata, monitoring check statuses, and performing the final squash-merge operation.
- Automated PR Monitoring: A Python script (`land_watch.py`) monitors repository state asynchronously. It uses the GitHub API to poll for new comments and CI updates, providing a parallelized watching mechanism.
- Indirect Prompt Injection Surface: The skill processes external data such as PR titles, descriptions, and comments. While this is essential for its function (e.g., addressing review feedback), it creates a surface where external content enters the agent's context. The skill mitigates this by using specific prefixes like `[codex]` for its own responses and by implementing basic sanitization of terminal output.
- Subprocess Execution: The Python helper script uses `asyncio.create_subprocess_exec` to wrap `gh` API calls. The arguments are structured and do not appear to allow arbitrary command injection from external inputs.
Audit Metadata