supersede-pr
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill wraps the GitHub CLI (`gh`) to perform pull request operations.
  - It validates pull request IDs as numeric strings before use, preventing command injection.
  - It uses `spawnSync` with an argument array to call the `gh` binary directly without spawning a shell.
- [SAFE]: No prompt injection patterns or attempts to bypass safety filters were detected in the instructions.
- [SAFE]: No hardcoded credentials or unauthorized data access patterns were identified. The skill interacts with GitHub using the user's existing authenticated CLI session.
- [SAFE]: The skill does not download external scripts or packages; it uses Node.js built-in modules and assumes the `gh` tool is pre-installed.
Audit Metadata