skills/rube-de/cc-skills/pr-check/Gen Agent Trust Hub

pr-check

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes a shell script located at ../../scripts/pr-comments.sh, which is outside the skill's root directory.
  • [COMMAND_EXECUTION]: Potential for shell command injection exists where variables retrieved from the GitHub API (such as PR_NUMBER, rest_id, and id) are interpolated directly into shell strings for gh and git commands without explicit validation or escaping of the input.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests PR review comments and reviewer-authored text that are then used as instructions to guide codebase modifications.
      ◦ Ingestion points: Fetches PR review comments, review bodies, and issue comments from GitHub in SKILL.md (Step 1).
      ◦ Boundary markers: No explicit delimiters are used to separate reviewer content from the agent's instructions.
      ◦ Capability inventory: The agent uses Edit, Write, and Bash tools to modify the codebase based on the content of the comments.
      ◦ Sanitization: The skill relies on internal LLM evaluation logic and anti-sycophancy instructions rather than formal sanitization or filtering of the external input.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 05:28 AM