iterate
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on standard
gitandgh(GitHub CLI) commands to manage pull requests. It performs actions such as creating draft PRs, pushing commits, viewing CI logs, and rerunning failed workflows. These operations are scoped to the project's repository. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it is designed to read and execute instructions derived from external, potentially untrusted content such as PR reviews, issue comments, and CI logs. This is inherent to its function of autonomously addressing feedback.
- Ingestion points: External data enters the agent's context through
gh pr view,gh api(fetching reviews and comments), andgh run view --log-failed(fetching log content). - Boundary markers: The instructions do not provide explicit delimiters or warnings to the agent to distinguish between the skill's trusted instructions and the untrusted data being processed.
- Capability inventory: The agent has the ability to modify and push code (
git commit,git push), modify PR states (gh pr ready), and interact with the GitHub API (gh api). - Sanitization: No sanitization or validation of external content is performed before the agent processes it to generate code fixes or respond to reviews.
Audit Metadata