babysit-pr
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of untrusted external data.\n
- Ingestion points: The script
scripts/gh_pr_watch.pyfetches PR issue comments, inline review comments, and GitHub Actions workflow logs.\n - Boundary markers: There are no explicit delimiters or system instructions defined to prevent the agent from following malicious commands embedded within the fetched comments or logs.\n
- Capability inventory: The agent is authorized to perform local code edits, commit changes, push to repository branches, and trigger the
gh run reruncommand.\n - Sanitization: The skill lacks mechanisms to sanitize or validate external content before it is presented to the agent for action classification.
Audit Metadata