positron-pr-helper
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill fetches external data from GitHub issues which could contain malicious instructions intended to manipulate the agent's PR generation logic.
- Ingestion points: External issue descriptions fetched via
gh issue view(SKILL.md). - Boundary markers: Absent. There are no instructions to the agent to treat issue content as untrusted data or use delimiters.
- Capability inventory: Write access to GitHub via
gh pr edit, clipboard access viapbcopy, and local file system write access (SKILL.md). - Sanitization: Absent. No sanitization or validation of the fetched issue content is performed before processing.
Audit Metadata