babysit-pr
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a Python script scripts/gh_pr_watch.py to interact with the GitHub CLI (gh). It executes commands to fetch pull request metadata, check statuses, and trigger workflow reruns using subprocess.run with argument lists. This is a core part of its monitoring functionality.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it ingests and acts upon external data from GitHub pull request comments to drive autonomous code modifications.
  - Ingestion points: Pull request issue comments, inline review comments, and review submissions are fetched from the GitHub API in scripts/gh_pr_watch.py.
  - Boundary markers: The script implements filtering logic to only surface comments from trusted author associations (OWNER, MEMBER, COLLABORATOR) or approved review bots.
  - Capability inventory: The skill is designed to perform git operations (commit, push) and GitHub Actions management (rerun jobs) based on these external inputs.
  - Sanitization: The agent is instructed to manually evaluate the correctness and actionability of comments before performing any automated code changes.
Audit Metadata