octocat
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell command execution using the gh CLI and git binaries to manage PRs, issues, and repository state.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its requirement to read and interpret untrusted data from collaborative environments.
- Ingestion points: The agent reads git logs, blame data, PR descriptions, issue comments, and CI/CD results.
- Boundary markers: No explicit delimiters are used to wrap untrusted external data within the prompt.
- Capability inventory: The skill can execute subprocesses, write to the filesystem (e.g., /tmp/), and modify repository history.
- Sanitization: The skill lacks instructions for validating or sanitizing external content before processing it.
Audit Metadata