Skills
skills/ruvnet/claude-flow/agent-github-pr-manager/Gen Agent Trust Hub

agent-github-pr-manager

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes local commands using gh (GitHub CLI) and git. These are standard tools for the intended purpose of managing pull requests. The use of xargs and backticks in scripts is noted but appears constrained to repository metadata.
  • [PROMPT_INJECTION] (LOW): The skill is designed to process and synthesize feedback from multiple 'specialized review agents'. If these agents process untrusted data from the web or external PR contributors without strict boundary markers, they are subject to indirect prompt injection.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Mandatory Evidence Chain:
  • Ingestion points: Processes PR titles, bodies, and review comments via gh pr create and gh pr review commands (SKILL.md).
  • Boundary markers: None identified in the provided script hooks or templates.
  • Capability inventory: Execution of gh CLI commands and git operations (SKILL.md).
  • Sanitization: No explicit sanitization or escaping of PR content before processing is documented.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:10 PM