positron-qa-verify
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts and system utilities to perform its workflow. It runs `./scripts/analyze_issue.sh` to fetch GitHub data and `./scripts/detect_versions.sh` to identify system and application versions. It relies on standard tools such as `gh` (GitHub CLI), `jq` (JSON processor), `uname`, `sw_vers`, and `powershell.exe`. Additionally, it uses `pbcopy`, `xclip`, or `clip` to provide verification templates to the user's clipboard.
- [EXTERNAL_DOWNLOADS]: The skill retrieves data from external GitHub repositories using the `gh` CLI. It fetches issue details, comments, and PR data from the `posit-dev/positron` repository. These operations are restricted to a well-known service and a repository that matches the author's identity.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted data from GitHub.
  * Ingestion points: Fetches content from GitHub issue bodies, comments, and PR descriptions using the `gh` tool.
  * Boundary markers: The skill does not use specific delimiters or protective instructions when passing retrieved content into the LLM context for analysis.
  * Capability inventory: The skill is capable of writing files to the local filesystem (output directory), accessing the system clipboard, and executing shell commands.
  * Sanitization: No explicit sanitization or filtering of the fetched GitHub content is performed before the LLM extracts test scenarios and edge cases from it.
Audit Metadata