positron-pr-helper

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is designed for developer productivity, automating PR body creation using local repository metadata and authenticated tools.
  • [COMMAND_EXECUTION]: The skill utilizes standard developer utilities (gh, git, pbcopy) to perform its tasks. It also includes a local bash script (scripts/fetch-test-tags.sh) that safely extracts information from source files using standard text-processing commands like grep and sed.
  • [DATA_EXFILTRATION]: No unauthorized data exfiltration was detected. All network communication is performed through the GitHub CLI and is directed to the official GitHub repository.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted data from GitHub issues via gh issue view. This content is used to generate PR bodies, which are typically reviewed by the developer before submission.
      • Ingestion points: SKILL.md triggers gh issue view to fetch context for the PR.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the prompt templates.
      • Capability inventory: The skill can update pull requests via gh pr edit, copy content to the clipboard via pbcopy, or write to local files.
      • Sanitization: The skill does not implement specific sanitization or escaping for the fetched issue content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 08:04 PM