agent-pr-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill uses the Bash tool to execute local commands such as 'npm test' and 'gh' CLI operations. While intended for testing and PR management, this creates an execution surface where malicious code within a PR's test scripts could be executed on the runner.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data from GitHub PRs (titles, bodies, and file contents).
  1. Ingestion points: PR metadata and file content retrieved via 'gh pr view' and 'mcp__github__get_pull_request_files'.
  2. Boundary markers: None present in the usage examples.
  3. Capability inventory: Significant, including Bash execution, file writing, and GitHub PR merging.
  4. Sanitization: No explicit content sanitization or instruction-filtering is documented.
Audit Metadata